NSLP/Inceptia is a TECH LOCK® Certified: Service Provider. Tech Lock Incorporated, a nationally recognized data security and regulatory compliance firm, has awarded its certification to NSLP for compliance with FIPS 200 (Minimum Security Requirements for Federal Information and Information Systems) and FISMA NIST SP800-53 rev 4 (Recommended Security Controls for Federal Information Systems).
Inceptia has developed a multi-tiered secure network segment for the processing and handling of Personally Identifiable Information (PII) and maintains the network and systems in compliance with the constantly evolving FISMA network. The control environment for this segment is based on the control set documented in NIST 800-53A rev. 3 and the segment is designed to be Federal Information Security Management Act (FISMA*) compliant.
Inceptia’s internal network resides behind redundant, fault-tolerant firewall architecture with telecommunications services. The network employs intrusion detection and prevention systems, continuous vulnerability scanning, and monitoring systems that alert anomalies to our operations staff in real time. Periodic internal and external third-party audits are conducted to assure continued control compliance.
Inceptia’s data center and data processing facility reside on physically secured floors of our corporate headquarters. Access to secured floors and the data center is provided based on business needs and permissions are reviewed quarterly. All building access logs are reviewed monthly. Inceptia performs background investigations on all employees, as well as contractors that will require access to PII.
The data maintained on Inceptia systems is related to student loans and financials. Student PII is not made available to anyone other than the student unless required by law.
Data transmitted to the Inceptia systems by our clients is encrypted during transmission using Secure Sockets Layer or other industry standard encryption technology. Data transferred to the Inceptia servers is processed using industry recognized best practices for data security and integrity.
Through numerous resources including legal counsel, compliance, as well as industry workgroups and trade associations, Inceptia monitors proposed and enacted changes in both federal regulations and federal, state, and local laws that may impact the delivery of the products and services described in this document. We are aware of the Family Educational Rights and Privacy Act (FERPA) as it relates to school requirements. Inceptia stays abreast of any requirements that effect student records. We also attend numerous conferences and training sessions throughout the year to track upcoming changes and stay informed of best practices pertaining to student-oriented services as well as services outside of the student arena. These conferences allow us to review new resources, tools, and technology that may lead to contacting more students and resolving more delinquencies.