Security and Compliance
Top Security Standards
At IC System, your account inventory and data remain secure through our compliance with the industry’s top security standards. We protect your data, and the data of your consumers, with our ironclad security network and highly regimented compliance protocols. All security measures are tested by more than 50 annual audits and monitored 24/7/365. Below you will find many of the top security certifications and practices that IC System uses to keep our clients’ information safe and secure.
SOC 2 Type II Certified
IC System holds a SOC 2 Type II Certification. Our infrastructure’s hardware, software, personnel, and data handling procedures meet the security standards of the Service Organization Control (SOC) 2 Type II audit. Using the latest technology and highest quality solutions, we have the organizational and systemic safeguards in place to protect your consumers’ data.
Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data (process and controls) based on five “trust service categories”—security, availability, processing integrity, confidentiality, and privacy.
SOC 2 certification is issued by outside auditors. They assess the extent to which a vendor like IC System complies with one or more of the five trust principles based on the systems and processes in place.
View IC System’s 2021 SOC 3 report from our independent service auditor.
IC System underwent an organizational information security risk assessment by SecurityStudio’s S2ORG service. The results show an overall S2SCORE (or risk rating) of 786.07, which translates to “Excellent” on their scale from 300 (not secure) to 850 (excellent).
SecurityStudio, creators of the S2SCORE (formerly FISAScore), provides companies with an easy way to assess their security posture. This gives companies like IC System the chance to better manage and convey their security stance. Their scoring service gives organizations the opportunity to measure the current state of their security, compare their status to other security projects, and identify vulnerabilities that may require attention.
PCI DSS 3.2 Annual Certification
Many collection agencies conduct the Payment Card Industry (PCI) Data Security Standard (DSS) self-assessment, and just for the portion of their network that processes credit cards (version 1). IC System completed the more stringent, externally audited PCI DSS 3.2 Report on Compliance (RoC). This audit was performed not just on the portion of the network processing credit cards, but on our entire network. IC System is a Level 1 Service Provider, ensuring we process, store, and transmit ALL consumer data (not just payment info) securely.
IC System is also “On the List” with the Visa Global Registry of Service Providers, which acknowledges service providers that have shown their commitment to security by meeting the requirements of the PCI Standard.
Veracode Verified Consumer Pages
IC System’s Consumer Payment Portal and Consumer Self Service Portal have been Veracode Verified. We protect sensitive consumer data with web pages that use highly secure code. Veracode verifies the secure development process around these applications.
The Veracode Verified Standard represents that the following application security practices are embedded into the software development process to ensure consumer data is protected:
- Assessment of first-party code using static analysis
- Documentation that the application does not allow Very High flaws in its first-party code
- Developer access to remediation guidance

Verified Standard is the first of three (3) tiers representing the Verified program.
ICE™ – IC System’s Intelligent Collection Engine
Our innovative proprietary software, ICE™ (Intelligent Collections Engine), is designed, developed, and maintained at our St. Paul, MN. ICE™ incorporates industry-rich features capturing every dimension of the receivable management business. ICE™ incorporates the experience and knowledge gained over our eight decades in the collections industry.
ICE™ was developed for maximum productivity and compliance, complete customization capabilities, and unmatched data/analytic functions. Moreover, the ICE™ system also has extensive reporting capabilities, with over 50 standard reports available today and the ability to develop custom reports as required.
IC System is certified for over 100 security and compliance management controls set forth by the International Organization for Standardization. ISO 27002 offers recommendations and best practices on information security and data management to ensure confidentiality, integrity, and availability of information.
IC System is audited for compliance with the Health Insurance Portability & Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA and HITECH establish security provisions, safeguarding rules, and confidentiality concerns regarding the transmission, use, and storage of healthcare information.
Women-Owned Business Enterprise Certified
The Supplier Clearinghouse for the Utility Supplier Diversity Program of the California Public Utilities Commission has certified IC System as a Women-Owned Business Enterprise (WBE). Companies certified by the Supplier Clearinghouse as women-owned must demonstrate they are at least 51% owned by one or more women and that women are influential in the company’s management and daily operations. The California Public Utilities Commission audits and verifies the status of WBEs while establishing and maintaining a directory of certified vendors. The Clearinghouse audit and verification program precludes the need for our business partners to conduct additional audits to verify IC System’s commitment to workplace diversity.
ACA’s Blueprint Quality Management System Certified
The Blueprint Quality Management System certification recognizes IC System’s efforts to develop, implement, and adhere to a set of collection industry-specific, professional practices and policies. To retain its certification, IC System is subject to periodic audits and compliance checks. Additionally, ACA International’s Blueprint certification requires that IC System pursues ongoing initiatives that promote process improvements and client satisfaction. Included below are the elements that make up the Blueprint certification.
GLBA Safeguards Rule
IC System is compliant with the Gramm-Leach-Bliley Act (GLBA), or Financial Services Modernization Act of 1996, and certified to collect and store consumer data with security and confidentiality. The GLBA is a federal law that governs how financial institutions handle the private information of consumers. The GLBA regulates third-party collection agencies to:
- Ensure the security and confidentiality of customer records and information
- Protect against any anticipated threats or hazards to the security or integrity of such records
- Protect against unauthorized access to or use of such records or information which could result
Federal Trade Commission’s Red Flags Rule
IC System has implemented an Identity Theft Prevention Program to adhere to the Federal Trade Commission (FTC) Red Flags Rule (“Red Flags Rule”). The Red Flags Rule requires businesses to implement an Identity Theft Prevention Program designed to identify warning signs (e.g. red flags) of identity theft in their procedures. Our company’s Identity Theft Prevention Program is regularly audited for compliance.