Security and Compliance
Top Security Standards
At IC System, your account inventory and data remains secured through our compliance with the industry’s top security standards. We protect your data, and the data of your consumers, with our ironclad security network and highly regimented compliance protocols. All security measures are tested by more than 50 annual audits and monitored 24/7/365. Below you will find many of top security certifications and practices that IC System uses to keep our clients’ information safe and secure.
What is a FISAScore? It’s an objective industry assessment and measurement tool to identify and quantify security risk. The certification includes requirements from the ISO, IEC, COBIT5, CCS CSC, NERC and the NIST Cybersecurity Frameworks. When combined in the FISA assessment, they establish a standard for security best practices.
Our comprehensive security assessment through FRSecure takes the place of the usual SOC report by including more stringent security parameters. A SOC 2 alone will NOT show compliance with all Federal & State Laws or ensure the protection of asset classes such as medical data or specific State laws like Nevada NRS 603a or Red Flags Rule. The FRSecure assessment includes the parameters of a SOC audit, but goes even further to ensure additional compliance.
Our security auditing firm, FRSecure, set our FISAScore as “Excellent,” ranking IC System 27.3% more secure than the average competitor in our industry.
PCI DSS 3.2 Annual Certification
Many collection agencies conduct the Payment Card Industry (PCI) Data Security Standard (DSS) self-assessment, and just for the portion of their network processing credit cards (version 1). IC System completed the more stringent and externally audited, PCI DSS 3.2 Report on Compliance (RoC). This audit was performed not just on the portion of the network processing credit cards, but on our entire network. IC System is a Level 1 Service Provider, ensuring we process, store, and transmit ALL consumer data (not just payment info) securely.
IC System is also “On the List” with the Visa Global Registry of Service Providers, which acknowledges service providers that have shown their commitment to security by meeting the requirements of the PCI Standard.
Veracode Verified Consumer Pages
IC System’s Consumer Payment Portal and Consumer Self Service Portal have been Vericode Verified. We protect sensitive consumer data with web pages that use highly secure code. Vericode verifies the secure development process around these applications.
The Veracode Verified Standard represents that the following application security practices are embedded into the software development process to ensure consumer data is protected:
- Assessment of first-party code using static analysis
- Documentation that the application does not allow Very High flaws in its first-party code
- Developer access to remediation guidance Verified Standard is the first of three (3) tiers representing the Verified program
SOC 2 Type II Certified
IC System holds a Soc 2 Type II Certification. Our infrastructure’s hardware, software, personnel, and data handling procedures meet the security standards of the Service Organization Control (SOC) 2 Type II audit. Using the latest technology and highest quality solutions, we have the organizational and systemic safeguards in place to protect your consumers’ data.
GLBA Safeguards Rule
IC System is compliant with the Gramm-Leach-Bliley Act (GLBA), or Financial Services Modernization Act of 1996, and certified to collect and store consumer data with security and confidentiality. The GLBA is a federal law that governs how financial institutions handle the private information of consumers. The GLBA regulates third-party collection agencies to:
- Ensure the security and confidentiality of customer records and information
- Protect against any anticipated threats or hazards to the security or integrity of such records
- Protect against unauthorized access to or use of such records or information which could result
IC System is audited for compliance with the Health Insurance Portability & Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA and HITECH establish security provisions, safeguarding rules, and confidentiality concerns regarding the transmission, use, and storage of healthcare information.
IC System is certified for over 100 security and compliance management controls set forth by the International Organization for Standardization. The ISO 27002 offers recommendations and best practices on information security and data management to ensure confidentiality, integrity, and availability of information.
Federal Trade Commission’s Red Flags Rule
IC System has implemented an Identity Theft Prevention Program to adhere to the Federal Trade Commission (FTC) Red Flags Rule (“Red Flags Rule”). The Red Flags Rule requires businesses to implement an Identity Theft Prevention Program designed to identify warning signs (e.g. red flags) of identity theft in their procedures. Our company’s Identity Theft Prevention Program is regularly audited for compliance.
ACA’s PPMS Certification
The PPMS certification recognizes IC System’s efforts to develop, implement, and adhere to a set of collection industry-specific, professional practices and policies. To retain its certification, IC System is subject to periodic audits and compliance checks. Additionally, ACA International’s PPMS requires that IC System pursues ongoing initiatives that promote process improvements and client satisfaction. Included below are the elements that make up the PPMS Certification.
Women-Owned Business Enterprise Certified
The Supplier Clearinghouse for the Utility Supplier Diversity Program of the California Public Utilities Commission has certified IC System as a Women-Owned Business Enterprise (WBE). Companies certified by the Supplier Clearinghouse as women-owned must demonstrate they are at least 51% owned by one or more women and that women are influential in the company’s management and daily operations. The California Public Utilities Commission audits and verifies the status of WBEs while establishing and maintaining a directory of certified vendors. The Clearinghouse audit and verification program precludes the need for our business partners to conduct additional audits to verify IC System’s commitment to workplace diversity.