Security Overview

Purpose

This document describes NGSS's approach to protecting information and maintaining the confidentiality, integrity, and availability of our systems. It is a high-level overview intended for customers and partners.

Security Principles

Our security program is designed around the following principles:

• Least privilege and role-based access to systems and data.
• Defense-in-depth across identity, endpoints, networks, applications, and data.
• Secure-by-default configurations and change control.
• Monitoring, logging, and continuous improvement.

Data Handling

• We collect limited information through contact and business communications and use it to respond to inquiries.
• We apply reasonable safeguards to protect information in transit and at rest, appropriate to the nature of the information.
• We restrict access to authorized personnel and service providers with a business need.

Access Management

• Identity and access controls are used to manage user and administrator access.
• Access is reviewed periodically and revoked when no longer needed.
• Administrative actions are logged where feasible.

Secure Development and Change Management

• We use standard secure software development practices, including code review and testing.
• Changes are tracked and deployed through controlled processes.
• We prioritize remediation of security issues based on risk.