National Bankcards Services, Inc. has information assets, which are critical to doing business and keeping the trust of our employees, clients and customers. This policy outlines National Bankcard Services, Inc. commitments to our employees, clients and customers regarding how we will handle this information.
The information covered in this guideline is developed to establish a uniform privacy policy relating to the handling of information within NBS, Inc.
This policy applies to all National Bankcard Services, Inc. employees.
Information can be sensitive by its nature, and can also be sensitive due to regulations and industry standards. The types of sensitive information can include:
This information may reside on NBS, Inc. systems or backup devices, may traverse NBS, Inc. networks or on paper. All locations must be properly controlled.
The rules by which information is handled are determined by the regulations, business requirements, and NBS, Inc. commitments relating to that type of information. Put together, these are called the significance of the information.
Every NBS employee, supplier or vendor, agent or representative of NBS, Inc. must be aware of the significance of the information being handled, and ensure that proper controls are applied to prevent copying, disclosure, or other misuse of the information.
This Privacy Policy is a part of the overall security and privacy effort of our company. Other policies and controls may also apply, as issued by NBS, Inc. management. These are available in NBS Security Awareness Program documentation, or on the company’s intranet site.
Penalties for violating these policies may include disciplinary actions up to termination of employment. NBS, Inc. relies upon employees to properly develop, maintain, and operate our systems, networks, and processes which keep our sensitive information safe and properly used. This means that every employee handling our information has the responsibility to keep the information safe, no matter where the information is located. This includes computing systems, networks, paper copies, business processes, and verbal transmission of information.
National Bankcard Services, Inc. will meet all applicable requirements in properly protecting the information, including:
The protections NBS, Inc. applies to information assets will be in proportion to the value and sensitivity of the information, and will balance the sensitivity of the information against
National Bankcard Services, Inc. will protect all types of sensitive information, including but not limited to
National Bankcard Services, Inc. will ensure that these controls are accepted by all employees, vendors, service providers, representatives and associates of NBS, Inc. who may have access to our information. This includes ensuring that all personnel at all levels are aware of, and are held accountable for safeguarding information assets.
National Bankcard Services, Inc. will ensure that access to information is controlled, and based upon, job function and need-to-know criteria.
National Bankcard Services, Inc. will maintain proper business continuity and security procedures, including information systems, networks, resources, and business processes.
National Bankcard Services, Inc. will report any suspected or actual breach of these policies, and will cooperate with investigative agencies.
National Bankcard Services, Inc. will comply with other, related policies, including the all- information security policies.
National Bankcard Services, Inc. values each employee, and so has a commitment to protect the personal information that NBS handles on behalf of the employee.
It is our policy that:
One of National Bankcard Services, Inc. core values is to properly value and protect any information entrusted to us about our clients and customers. This policy describes how NBS will safeguard personal, client and company information, to a high level of trust when working with National Bankcard Services, Inc.
It is National Bankcard Services, Inc. policy that:
National Bankcard Services, Inc. places the upmost importance on securing cardholder data (CHD) that is received and/or processed through NBS from each of our clients. This policy describes how NBS will safeguard CHD.
It is National Bankcard Services, Inc. policy that:
NBS information and/or hardware can not be removed from NBS facilities without prior authorization from NBS management. The removal of any information from NBS facilites must be for a business- related purpose, where the business-related purpose cannot be met unless the information and/or hardware is removed from an NBS facility. The removal and use of NBS proprietary information and/or hardware must have a clearly defined use with a stated information and/or hardware removal date, use date as well as a stated information and/or hardware return date.
It is part of every employee’s job to adhere to the NBS Privacy Policy. If you have any questions or concerns related to this policy, please contact John O’Neil.
“Employees” include all permanent, part-time, temporary and contract employees.
“Clients” include all entities or individuals that interact with NBS, Inc., whether the entities are currently doing business with NBS, Inc., considering doing business with NBS, Inc., were at some point doing business with NBS, Inc. or were at some point considering doing business with NBS, Inc.
“Customers” include all individuals that interact with NBS, Inc., whether the individual work for a client or is a customer of a client that is currently doing business with NBS, Inc., considering doing business with NBS, Inc., were at some point doing business with NBS, Inc. or were at some point considering doing business with NBS, Inc.
“Cardholder Data” includes all authorization request data as well as all authorization response data, except any data contained in the authorization request and/or authorization response which cannot be applied per PCI DSS rules surrounding this type of data.