Data Security Controls
NCSBN uses multiple security controls to help protect data across all our platforms.

Encryption
All personal and sensitive data is encrypted using strong AES-256 encryption. Our websites maintain TLS certificates for secure HTTPS connections, and our databases are protected with Transparent Data Encryption (TDE).

Access Control
We use multi-factor authentication (MFA), complex passwords, and automatic lockouts to prevent unauthorized access. Staff only access the data they need — nothing more.

Monitoring & Testing
We maintain continuous threat monitoring and conduct regular internal and third-party security assessments, including penetration testing and vulnerability scanning. We also implement frequent patching and automated threat detection and protection measures.

Vendor Oversight
Our vendors include GovRAMP-certified assessors, penetration testers, and 24/7 monitoring partners. We assess all vendors who process personal data to ensure they meet our security standards. We never allow vendors to use your data for their own purposes.

Risk Management & Incident Response
We take a proactive, comprehensive approach to managing technology risks to protect the information and services people rely on. NCSBN follows a comprehensive data privacy and security incident response plan to ensure timely remediation if an incident or breach arises.

Privacy-by-Design
Our privacy-by-design approach ensures you have control over your data and privacy settings. NCSBN offers a variety of ways you can manage your privacy.
Request a copy of your personal data
Ask us to correct or delete your data
Opt-in/opt-out of marketing communications
Opt-in to cookies
Contact us directly with privacy questions

Privacy Policy
We publish our privacy policy publicly and give you clear options to opt out of communications or data uses. We only retain data as long as necessary — and then we delete it securely.

Biometric Data Protection
We use biometric technology (like palm vein or fingerprint scans) in limited, secure ways — such as verifying identity during exams or logging into staff devices.

Our Promise
We never store raw biometric images
We encrypt biometric templates and store them securely
We never sell or share biometric data
We delete biometric data when it’s no longer needed
We always obtain your consent before using biometric features

NCSBN Internal Biometric Data Policy
Last Updated: 1/30/2023
The NCSBN Internal Biometric Policy covers the use of biometrics for NCSBN-issued devices for members of its Board of Directors (BOD) and staff. NCSBN staff and BOD members can obtain a copy of the policy by request.

