Environmental, Social & Governance

Data Privacy and Security

Guided by our code of conduct and shared values, NCR is committed to taking measures to protect and secure information belonging to our stakeholders, including customers, business partners, suppliers, employees and shareholders. Taking appropriate actions designed to prevent the unauthorized use or disclosure of information is critical in fostering the trusted relationships that help drive our company’s future success.


At NCR, we’re proud of our data protection, cybersecurity and privacy programs.

Our board of directors’ risk committee provides oversight of these programs, along with oversight from several members of our executive leadership team, including the chief operations officer, general counsel, chief information officer and chief technology officer. Our vice president, chief information security officer and vice president, chief privacy officer are responsible for managing these programs. Our vice president, chief ethics & compliance officer provides additional support.

We operationalize data protection and security programs through the development, maintenance and enforcement of numerous policies and procedures. The personal information and other data that we process and store are increasingly subject to data security and privacy obligations and laws of many jurisdictions, which are growing in complexity and sophistication. NCR:

  • Invests in and supports data protection and security
  • Performs risk assessments and audits on technology and practices affecting data
  • Evaluates the governance of our programs
  • Conducts training and awareness-raising
  • Maintains cross-functional teams focused on data protection and security

Data privacy

NCR supports appropriate privacy protections for those with whom we interact. We foster a culture that values the privacy rights of individuals. Under the direction of NCR’s chief privacy officer, the program offers thought leadership, advice and guidance on privacy practices such as:

  • Complying with privacy laws and regulations
  • Designing solutions with privacy in mind
  • Implementing contracts governing intracompany activities
  • Minimizing the collection of data
  • Providing meaningful notice and choice
  • Safeguarding information

The program is supported by privacy attorneys, privacy program managers within the business and data protection officers in various locations internationally. Many of these privacy professionals have industry recognized privacy certifications from the International Association of Privacy Professionals. The Privacy Office also oversees personal data requests from individuals.

More information on our privacy practices can be found in NCR’s Privacy Policy.

Data security and assurance

Under the direction of NCR’s Chief Security Officer and Chief Information Security Officer, the Global Information Security organization is responsible for implementing and maintaining an information security program with the goal to protect information technology resources and protect the confidentiality and integrity of data gathered on our people, partners, customers, and business assets. The Global Information Security organization relies on operational teams to engineer, operate and maintain the security infrastructure.

NCR has established management measures in place to respond quickly, effectively, and appropriately to a suspected security or privacy incident. NCR’s  data security program also includes:

  • Maintenance of the ISO 27001 certification for certain locations throughout the United States, Europe, and India
  • Third-party audits for PCI-DSS, PA-DSS and SSAE-18 SOC2 for certain service offerings
  • A robust information security awareness and training program
  • Corporate insurance that includes certain information security risk policies that cover network security, privacy and cyber events
  • Maintenance of the NCR Privacy Policy

Training and processes

All employees (including full-time, part-time, and contract workers) with access to the NCR network must complete information and security awareness training within 30 days of hire, as well as an annual refresher course. NCR performs regular testing to ensure that employees can identify email “phishing” attacks and remain vigilant against potential data privacy and security threats. We protect and prevent attacks on our data through various information technology and data protection mechanisms. We are leveraging relationships with cybersecurity firms and internal cybersecurity experts along with the processes listed below:

  • Firewalls and intrusion prevention systems
  • Denial of service detection
  • Identity management technology
  • Anomaly-based detection
  • Anti-virus/anti-malware
  • Endpoint encryption
  • Security analytics
  • Detection and response software
  • Security Information and Event Management (“SIEM”) system
  • Multi-factor authentication and encryption

We have established management measures to respond quickly, effectively, and appropriately to suspected security or privacy incident. We also regularly evaluate our protections against incidents, including self-assessments and expert third-party assessments. We periodically enhance those protections as part of the efforts to stay current with advances in cybersecurity defense. When we confirm a cybersecurity incident, we immediately perform root cause analyses and implement additional controls based on those analyses in appropriate instances.

Products & services

NCR does business globally and understands the privacy and security landscape is evolving.  Our products and services, including our cloud and hosted solutions as well as our end-to-end payment processing business, facilitate financial and other transactions for customers in the industries we serve. We design them so customers can deploy them in various ways depending on the solution and their local requirements. NCR also works with customers to enable them to meet the needs of the various markets in which they operate.