At NCR, we’re proud of our data protection, cybersecurity and privacy programs.
Our board of directors’ risk committee provides oversight of these programs, along with oversight from several members of our executive leadership team, including the chief operations officer, general counsel, chief information officer and chief technology officer. Our vice president, chief information security officer and vice president, chief privacy officer are responsible for managing these programs. Our vice president, chief ethics & compliance officer provides additional support.
We operationalize data protection and security programs through the development, maintenance and enforcement of numerous policies and procedures. The personal information and other data that we process and store are increasingly subject to data security and privacy obligations and laws of many jurisdictions, which are growing in complexity and sophistication. NCR:
NCR supports appropriate privacy protections for those with whom we interact. We foster a culture that values the privacy rights of individuals. Under the direction of NCR’s chief privacy officer, the program offers thought leadership, advice and guidance on privacy practices such as:
The program is supported by privacy attorneys, privacy program managers within the business and data protection officers in various locations internationally. Many of these privacy professionals have industry recognized privacy certifications from the International Association of Privacy Professionals. The Privacy Office also oversees personal data requests from individuals.
Under the direction of NCR’s Chief Security Officer and Chief Information Security Officer, the Global Information Security organization is responsible for implementing and maintaining an information security program with the goal to protect information technology resources and protect the confidentiality and integrity of data gathered on our people, partners, customers, and business assets. The Global Information Security organization relies on operational teams to engineer, operate and maintain the security infrastructure.
NCR has established management measures in place to respond quickly, effectively, and appropriately to a suspected security or privacy incident. NCR’s data security program also includes:
All employees (including full-time, part-time, and contract workers) with access to the NCR network must complete information and security awareness training within 30 days of hire, as well as an annual refresher course. NCR performs regular testing to ensure that employees can identify email “phishing” attacks and remain vigilant against potential data privacy and security threats. We protect and prevent attacks on our data through various information technology and data protection mechanisms. We are leveraging relationships with cybersecurity firms and internal cybersecurity experts along with the processes listed below:
We have established management measures to respond quickly, effectively, and appropriately to suspected security or privacy incident. We also regularly evaluate our protections against incidents, including self-assessments and expert third-party assessments. We periodically enhance those protections as part of the efforts to stay current with advances in cybersecurity defense. When we confirm a cybersecurity incident, we immediately perform root cause analyses and implement additional controls based on those analyses in appropriate instances.
NCR does business globally and understands the privacy and security landscape is evolving. Our products and services, including our cloud and hosted solutions as well as our end-to-end payment processing business, facilitate financial and other transactions for customers in the industries we serve. We design them so customers can deploy them in various ways depending on the solution and their local requirements. NCR also works with customers to enable them to meet the needs of the various markets in which they operate.