NSLP/Inceptia is a TECH LOCK® Certified: Service Provider. Tech Lock Incorporated, a nationally recognized data security and regulatory compliance firm, has awarded its certification to NSLP for compliance with FIPS 200 (Minimum Security Requirements for Federal Information and Information Systems) and FISMA NIST SP800-53 rev 4 (Recommended Security Controls for Federal Information Systems).
Inceptia has developed a multi-tiered secure network segment for the processing and handling of Personally Identifiable Information (PII) and maintains the network and systems in compliance with the constantly evolving FISMA network. The control environment for this segment is based on the control set documented in NIST 800-53A rev. 4 and the segment is designed to be Federal Information Security Management Act (FISMA*) compliant.
Inceptia’s internal network resides behind redundant, fault-tolerant firewall architecture with telecommunications services. The network employs intrusion detection and prevention systems, continuous vulnerability scanning, and monitoring systems that alert anomalies to our operations staff in real time. Annual internal and external third-party audits are conducted to assure continued control compliance.
Inceptia’s data center and data processing facility reside on physically secured floors of our corporate headquarters. Access to secured floors and the data center is provided based on business needs and permissions are reviewed quarterly. All building access logs are reviewed monthly. Inceptia performs background investigations on all employees and contractors that will require access to PII.
The data maintained on Inceptia systems is related to student loans and financials. Student PII is not made available to anyone other than the student unless required by law.
Data transmitted to the Inceptia systems by our clients is encrypted during transmission using FIPS 104-2 compliant encryption technology. Data transferred to the Inceptia servers is processed using industry recognized best practices for data security and integrity.