Governance—Internal Security Policies
NICE has a complete set of internal security policies and procedures. NICE policies and procedures are under the governance of appropriate officers. They are updated and audited annually. These policies are not public. NICE employees must comply with these policies upon completion of their onboarding training. These policies include the following principles:
- All new NICE employees undergo a full background check. This check includes the following:
  - Drug screening
  - Previous employment history
  - OIG
  - SAM
  - EPLS
  - OFAC check administered by recognized third-party assessors
  - Criminal check that spans the past 10 years
  - For employees who work in financially sensitive areas: a credit check
- NICE employs separation of duties, RBAC, and MFA for critical systems, programs, and data to limit access to only appropriate users and job descriptions.
- NICE secures its corporate facilities with a card-controlled access system. The company requires all visitors to be badged and accompanied while in the office.
- All employees receive the following trainings on a yearly basis:
  - Security awareness training.
  - Code of ethics training.
  - Sexual harassment training.
  - GDPR training.
  - Policy and procedure training.
- NICE has documented computer and NIST-based network security policies and processes that govern all corporate users. Standard operating procedures are documented to memorialize key company processes. They are accessible to all employees.
- Annual third-party audits and frequent internal audits are performed.
- The Operations Department maintains and follows a documented Point-of-Presence (POP) site work policy.