Environmental, Social & Governance

Data Privacy and Security

Guided by our code of conduct and shared values, NCR is committed to taking measures to protect and secure information belonging to our stakeholders, including customers, business partners, suppliers, employees and shareholders. Taking appropriate actions designed to prevent the unauthorized use or disclosure of information is critical in fostering the trusted relationships that help drive our company’s future success.

Oversight

At NCR, we’re proud of our data protection, cybersecurity and privacy programs.

Our board of director’s risk committee provides oversight of these programs, along with oversight from several members of our executive leadership team, including the chief operations officer, general counsel, chief information officer and chief technology officer. Our vice president, chief information security officer and vice president, chief privacy officer are responsible for managing these programs. Our vice president, chief ethics & compliance officer provides additional support.

We operationalize data protection and security programs through the development, maintenance and enforcement of numerous policies and procedures. The personal information and other data that we process and store are increasingly subject to data security and privacy obligations and laws of many jurisdictions, which are growing in complexity and sophistication. NCR:

  • Invests in and supports data protection and security
  • Performs risk assessments and audits on technology and practices affecting data
  • Evaluates the governance of our programs
  • Conducts training and awareness-raising
  • Maintains cross-functional teams focused on data protection and security

Data privacy

NCR supports appropriate privacy protections for those with whom we interact. We foster a culture that values the privacy rights of individuals. Under the direction of NCR’s chief privacy officer, the program offers thought leadership, advice and guidance on privacy practices such as:

  • Complying with privacy laws and regulations
  • Designing solutions with privacy in mind
  • Implementing contracts governing intracompany activities
  • Minimizing the collection of data
  • Providing meaningful notice and choice
  • Safeguarding information

The program is supported by privacy attorneys, privacy program managers within the business and data protection officers in various locations internationally. Many of these privacy professionals have industry recognized privacy certifications from the International Association of Privacy Professionals. The Privacy Office also oversees personal data requests from individuals.

More information on our privacy practices can be found in NCR’s Privacy Policy.

Data security

Under the direction of NCR’s chief information security officer, the Global Information Security organization is responsible for implementing and maintaining an information security program with the goal to protect information technology resources and protect the confidentiality and integrity of data gathered on our people, partners, customers, and business assets. The Global Information Security organization relies on operational teams to engineer, operate and maintain the security infrastructure.

NCR maintains the ISO 27001 certification for certain NCR locations throughout the United States, Europe and India. Also, we employ various information technology and protection methods designed to promote data security including firewalls, intrusion prevention systems, denial of service detection, anomaly based detection, anti-virus/anti-malware, endpoint encryption and detection and response software, Security Information and Event Management system, identity management technology, security analytics, multi-factor authentication and encryption. 

NCR has established management measures in place to respond quickly, effectively, and appropriately to a suspected security or privacy incident.  NCR’s data security program also includes:

  • Third party audits for PCI-DSS, PA-DSS and SSAE-18 SOC2 are conducted for certain service offerings 
  • A robust information security awareness program that requires all employees to complete training within 30 days of hire, as well as an annual refresher course
  • Regular testing to help ensure employees can identify email “phishing” attacks
  • Corporate insurance that includes certain information security risk policies that cover network security, privacy and cyber events

Products & services

NCR does business globally and understands the privacy and security landscape is evolving.  Our products and services, including our cloud and hosted solutions as well as our end-to-end payment processing business, facilitate financial and other transactions for customers in the industries we serve. We design them so customers can deploy them in various ways depending on the solution and their local requirements. NCR also works with customers to enable them to meet the needs of the various markets in which they operate.