Nex-Tech Trust Center

 
 
Nex-Tech encourages all entities to have a multi-tiered cyber security stance that includes; Training, Cyber Products, Backup and Cyber Insurance.
 
 
OUR PEOPLE
 
  • Nex-Tech provides cybersecurity awareness training to all employees via company meetings, departmental meetings, new employee orientations and corporate intranet posts.
  • Nex-Tech tests employees on social engineering attacks and identity theft.
  • Nex-Tech has an internal team of professionals focused on cybersecurity representing various areas of the company.
  • Nex-Tech technicians receive training on cybersecurity tools and techniques.
  • Nex-Tech conducts internal attack simulations for various cybersecurity scenarios. Nex-Tech participates in multiple peer cybersecurity information sharing groups across two different critical sectors.
  • Cybersecurity responsibilities are documented in job descriptions.
  • Regular updates are provided to Nex-Tech’s management team and board.
 
 
OUR PROCESSES
 
  • Nex-Tech’s Employee Handbook documents company policies, procedures, and controls related to information security.
  • Nex-Tech has a documented Emergency Response Plan which includes cybersecurity incident response as well as other disaster recovery processes. A redacted copy can be provided to existing or prospective customers under an NDA upon request.
  • Nex-Tech follows AICPA Trust Services Criteria and undergoes an annual SOC 2 Type 1 compliance audit by a third-party auditing firm. A copy can be provided to existing or prospective customers under an NDA upon request.
  • Nex-Tech utilizes the NIST framework as a guide for its cybersecurity program.
  • Nex-Tech follows PCI compliance standards for handling personal cardholder data.
  • Nex-Tech utilizes HIPAA controls when working with medical providers and other entities who maintain Protected Health Information.
  • Nex-Tech can provide a signed BAA (Business Associate Agreement) to existing customers upon request.
  • Nex-Tech utilizes CJIS controls when providing service to law enforcement agencies, courts, and other governmental entities who maintain Criminal History Record Information.
  • Nex-Tech can provide CJIS security addendums signed by technicians upon request.
  • Nex-Tech maintains cybersecurity insurance. A certificate of insurance can be provided to existing customers upon request.
 
 
OUR SYSTEMS
 
  • Nex-Tech offices are protected by physical security, surveillance, and access control systems.
  • Nex-Tech utilizes a robust suite of cybersecurity tools for protection, detection, and response.
  • Nex-Tech enforces complex passwords and multi-factor authentication whenever available.
  • Nex-Tech incorporates role-based security with least privilege principles for network and application system access.
  • Nex-Tech considers Zero Trust principles for internal and external facing systems where applicable.
  • Nex-Tech strives to encrypt sensitive data in transit and at rest whenever possible.
  • Nex-Tech has implemented a formal vulnerability management program utilizing external scans from multiple third parties and internal scans using the latest scanning tools.
  • Nex-Tech regularly patches network and computer systems.