NASCO’s Commitment to Security and Data Protection

According to the Identity Theft Resource Center, in 2021, national data compromises rose 68% from 2020 rates. With the uptick in data breaches and the increase in ransomware attacks, keeping customer and member data safe has never been more critical. With high-profile cyberattacks targeting industries like the country’s largest oil pipelines and popular consumer companies, millions of Americans have been impacted.

With a watchful eye on increasing cybersecurity risks, NASCO remains committed to maintaining the highest levels of security and data protection. Our processes and procedures are validated annually through our SOC 1, SOC 2, and SOC reports. These industry-standard Service Organization Controls (SOC) are established by the American Institute of Certified Public Accountants (AICPA) for reporting on the internal controls within an organization. The reports also certify that best practices and objective standards are met on financial reporting, security, privacy, confidentiality, availability and processing integrity. Conducted by an independent auditor, NASCO’s security profile is reviewed annually to assure we continue to maintain the proper controls for protecting customer and member data.

Not only are our systems reviewed and maintained, but all NASCO associates are required to complete annual compliance training on privacy and security standards and best practices for managing member data.

In addition to our SOC compliance, NASCO maintains a HITRUST certification which covers all of our key products as well as NASCO’s corporate system. With SOC certifications ensuring that our internal controls are in place, the HITRUST certification maintains the balance of our external-facing controls, providing NASCO with a multifaceted approach to security and member data protection.