NCVSI Data Protection & Security Policy
At Nursing Credentials & Verification Services International (NCVSI), protecting the confidentiality, integrity, and availability of user data is central to our mission. This policy outlines how we safeguard personal, academic, and institutional information across our systems.
1. Encryption & Data Storage
- All user data is encrypted in transit (TLS 1.2+) and at rest (AES-256) using industry-standard protocols.
- Sensitive data such as identification documents, academic transcripts, and institutional approvals are stored in hardened cloud infrastructure with restricted access.
- Backups are maintained regularly to prevent data loss and ensure business continuity.
2. Access Control & Role Management
Role-based access ensures that:
- Students can only view their own application status.
- Institutions can only access transcripts of their own graduates.
- Verifiers can only access transcripts they are authorized to receive.
- All access to data is logged and timestamped, including user ID, IP address, and action performed.
- NCVSI staff access is restricted by function and audited quarterly.
3. Network & Infrastructure Security
The NCVSI platform is protected by:
- Firewalls and Intrusion Detection Systems (IDS)
- Multi-Factor Authentication (MFA) for admin access
- Geo-fencing restrictions for sensitive operations
Our cloud hosting partner meets or exceeds ISO 27001, SOC 2, and GDPR compliance.
4. Document Integrity & Watermarking
All digital transcripts and letters processed via NCVSI are:
- Digitally sealed using a tamper-evident hash
- Time-stamped upon creation and delivery
- Watermarked with recipient information to prevent misuse or duplication
Access links are password-protected and expire after a defined period (e.g., 14 days).
5. Monitoring & Incident Response
NCVSI has 24/7 monitoring in place to detect unauthorized access, suspicious activity, or service anomalies.
In the event of a security incident:
- Users will be notified within 72 hours
- Data will be quarantined and restored from secure backups
- A full investigation and root-cause analysis will be conducted
6. Compliance Framework
NCVSI is committed to meeting and maintaining standards under:
- Nigeria Data Protection Regulation (NDPR)
- General Data Protection Regulation (GDPR – EU)
- ISO 27001 and 27018 recommendations
- Best practices for digital health and education systems
7. User Responsibility
Users are expected to:
- Use strong passwords and secure their login credentials
- Log out after completing sessions on public or shared devices
- Report suspicious activity via support@ncvsi.com
8. Policy Updates
This policy may be updated from time to time to reflect technical, legal, or regulatory changes. Users will be notified of major updates through platform notifications or email.
Questions or Concerns?
If you have any questions about our Data Protection & Security Policy, please contact us:
- Email: support@ncvsi.com
- General Inquiries: info@ncvsi.com
- Phone: +234 (0) 708-180-1480
- Address: Suit CC12, Apo Sparklight Mall, Durumi, F.C.T, Abuja.