Security and Compliance
Top Security Standards
At IC System, your account inventory and data remain secure through our compliance with the industry’s top security standards. We protect your data, and the data of your consumers, with our ironclad security network and highly regimented compliance protocols. All security measures are tested by more than 50 annual audits and monitored 24/7/365. Below you will find many of the top security certifications and practices that IC System uses to keep our clients’ information safe and secure.
What is a FISAScore? It’s an objective industry assessment and measurement tool to identify and quantify security risk. The certification includes requirements from the ISO, IEC, COBIT5, CCS CSC, NERC and the NIST Cybersecurity Frameworks. When combined in the FISA assessment, they establish a standard for security best practices.
Our comprehensive security assessment through FRSecure takes the place of the usual SOC report by including more stringent security parameters. A SOC 2 alone will NOT show compliance with all Federal & State Laws or ensure the protection of asset classes such as medical data or specific State laws like Nevada NRS 603a or Red Flags Rule. The FRSecure assessment includes the parameters of a SOC audit, but goes even further to ensure additional compliance.
Our security auditing firm, FRSecure, set our FISAScore as “Excellent,” ranking IC System 27.3% more secure than the average competitor in our industry.
ICE™ – IC System’s Intelligent Collection Engine
Our innovative proprietary software, ICE™ (Intelligent Collections Engine), is designed, developed, and maintained in St. Paul, MN. ICE™ incorporates industry-rich features capturing every dimension of the receivable management business.
Modules within ICE™ are specifically designed to support critical areas of the business: Client Online Tools, Regulatory Compliance, Collector Productivity, and Consumer Affairs, all seamlessly integrated.
ICE™ incorporates the experience and knowledge gained over our eight decades in the collections industry.
ICE™ provides an interface between the collector and the data provided by the client. It is flexible and adaptable to allow for the acceptance of virtually any file structure. As contact with a consumer is made, unique account information is displayed for the customer service representative to access as they engage in conversation with the consumer.
ICE™ was developed for maximum productivity and compliance, complete customization capabilities, and unmatched data/analytic functions. Moreover, the ICE™ system also has extensive reporting capabilities, with over 50 standard reports available today and the ability to develop custom reports as required.
PCI DSS 3.2 Annual Certification
Many collection agencies conduct the Payment Card Industry (PCI) Data Security Standard (DSS) self-assessment, and only for the portion of their network that processes credit cards (version 1). IC System completed the more stringent, externally audited PCI DSS 3.2 Report on Compliance (RoC). This audit was performed not just on the portion of the network processing credit cards, but on our entire network. IC System is a Level 1 Service Provider, ensuring we process, store, and transmit ALL consumer data (not just payment info) securely.
IC System is also “On the List” with the Visa Global Registry of Service Providers, which acknowledges service providers that have shown their commitment to security by meeting the requirements of the PCI Standard.
Veracode Verified Consumer Pages
IC System’s Consumer Payment Portal and Consumer Self Service Portal have been Veracode Verified. We protect sensitive consumer data with web pages that use highly secure code. Veracode verifies the secure development process around these applications.
The Veracode Verified Standard represents that the following application security practices are embedded into the software development process to ensure consumer data is protected:
- Assessment of first-party code using static analysis
- Documentation that the application does not allow Very High flaws in its first-party code
- Developer access to remediation guidance
Verified Standard is the first of three (3) tiers representing the Verified program.
SOC 2 Type II Certified
IC System holds a SOC 2 Type II Certification. Our infrastructure’s hardware, software, personnel, and data handling procedures meet the security standards of the Service Organization Control (SOC) 2 Type II audit. Using the latest technology and highest quality solutions, we have the organizational and systemic safeguards in place to protect your consumers’ data.
IC System is certified for over 100 security and compliance management controls set forth by the International Organization for Standardization. The ISO 27002 offers recommendations and best practices on information security and data management to ensure confidentiality, integrity, and availability of information.
IC System is audited for compliance with the Health Insurance Portability & Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA and HITECH establish security provisions, safeguarding rules, and confidentiality concerns regarding the transmission, use, and storage of healthcare information.
Women-Owned Business Enterprise Certified
The Supplier Clearinghouse for the Utility Supplier Diversity Program of the California Public Utilities Commission has certified IC System as a Women-Owned Business Enterprise (WBE). Companies certified by the Supplier Clearinghouse as women-owned must demonstrate they are at least 51% owned by one or more women and that women are influential in the company’s management and daily operations. The California Public Utilities Commission audits and verifies the status of WBEs while establishing and maintaining a directory of certified vendors. The Clearinghouse audit and verification program precludes the need for our business partners to conduct additional audits to verify IC System’s commitment to workplace diversity.
ACA’s PPMS Certification
The PPMS certification recognizes IC System’s efforts to develop, implement, and adhere to a set of collection industry-specific, professional practices and policies. To retain its certification, IC System is subject to periodic audits and compliance checks. Additionally, ACA International’s PPMS requires that IC System pursues ongoing initiatives that promote process improvements and client satisfaction. Included below are the elements that make up the PPMS Certification.
GLBA Safeguards Rule
IC System is compliant with the Gramm-Leach-Bliley Act (GLBA), or Financial Services Modernization Act of 1996, and certified to collect and store consumer data with security and confidentiality. The GLBA is a federal law that governs how financial institutions handle the private information of consumers. The GLBA requires third-party collection agencies to:
- Ensure the security and confidentiality of customer records and information
- Protect against any anticipated threats or hazards to the security or integrity of such records
- Protect against unauthorized access to or use of such records or information which could result
Federal Trade Commission’s Red Flags Rule
IC System has implemented an Identity Theft Prevention Program to adhere to the Federal Trade Commission (FTC) Red Flags Rule (“Red Flags Rule”). The Red Flags Rule requires businesses to implement an Identity Theft Prevention Program designed to identify warning signs (e.g. red flags) of identity theft in their procedures. Our company’s Identity Theft Prevention Program is regularly audited for compliance.