Information Security Program

State Mint maintains a documented information security program covering governance, control ownership, technical safeguards, and operating procedures.

• Documented control statements for platform and operational security.
• Periodic review and updates of security controls and responsibilities.
• Security contact and escalation path maintained through the DPO channel.

Production resources are segregated from non-production workflows. Threat protection controls are used to monitor and reduce network attack risk, including perimeter controls and provider-level security telemetry.

Company endpoints are required to run anti-malware protection and security updates to reduce malware and unauthorized access risk.

• Screen lock requirements for workstations.
• Password complexity and credential hygiene standards.
• Multi-factor authentication for critical systems where supported.
• Clear-desk and device handling expectations for sensitive business information.

Access to systems processing personal data is restricted to authorized personnel on a least-privilege basis, with authentication requirements and role-based boundaries.

Sensitive data is classified and protected through encryption controls. Data in transit uses TLS-enabled transport. Sensitive token payloads are encrypted at rest before storage in application data stores.

State Mint uses an ongoing vulnerability and threat management process to identify, triage, and remediate security findings based on risk.

Security and privacy concerns should be reported to admin@nvprodvcts.com.