At NCR, we’re proud of our data protection, cybersecurity and privacy programs.
Our board of directors’ risk committee provides oversight of these programs, along with oversight from several members of our executive leadership team, including the chief operations officer, general counsel, chief information officer and chief technology officer. Our vice president, chief information security officer and vice president, chief privacy officer are responsible for managing these programs. Our vice president, chief ethics & compliance officer provides additional support.
We operationalize data protection and security programs through the development, maintenance and enforcement of numerous policies and procedures. The personal information and other data that we process and store are increasingly subject to data security and privacy obligations and laws of many jurisdictions, which are growing in complexity and sophistication. NCR:
NCR supports appropriate privacy protections for those with whom we interact. We foster a culture that values the privacy rights of individuals. Under the direction of NCR’s chief privacy officer, the program offers thought leadership, advice and guidance on privacy practices such as:
The program is supported by privacy attorneys, privacy program managers within the business and data protection officers in various locations internationally. Many of these privacy professionals have industry recognized privacy certifications from the International Association of Privacy Professionals. The Privacy Office also oversees personal data requests from individuals.
Under the direction of NCR’s chief information security officer, the Global Information Security organization is responsible for implementing and maintaining an information security program with the goal to protect information technology resources and protect the confidentiality and integrity of data gathered on our people, partners, customers, and business assets. The Global Information Security organization relies on operational teams to engineer, operate and maintain the security infrastructure.
NCR maintains the ISO 27001 certification for certain NCR locations throughout the United States, Europe and India. Also, we employ various information technology and protection methods designed to promote data security including firewalls, intrusion prevention systems, denial of service detection, anomaly based detection, anti-virus/anti-malware, endpoint encryption and detection and response software, Security Information and Event Management system, identity management technology, security analytics, multi-factor authentication and encryption.
NCR has established management measures in place to respond quickly, effectively, and appropriately to a suspected security or privacy incident. NCR’s data security program also includes:
NCR does business globally and understands the privacy and security landscape is evolving. Our products and services, including our cloud and hosted solutions as well as our end-to-end payment processing business, facilitate financial and other transactions for customers in the industries we serve. We design them so customers can deploy them in various ways depending on the solution and their local requirements. NCR also works with customers to enable them to meet the needs of the various markets in which they operate.