Security and Compliance

Top Security Standards

At IC System, your account inventory and data remain secure through our compliance with the industry’s top security standards. We protect your data, and the data of your consumers, with our ironclad security network and highly regimented compliance protocols. All security measures are tested by more than 50 annual audits and monitored 24/7/365. Below you will find many of the top security certifications and practices that IC System uses to keep our clients’ information safe and secure.

SOC 2 Type 2 & SOC 1 Type 2 Certified

IC System holds a SOC 2 Type 2 and SOC 1 Type 2 Certification. Our infrastructure’s hardware, software, personnel, and data handling procedures meet the security standards of the Service Organization Control (SOC) 2 Type 2 and SOC 1 Type 2 audits. Using the latest technology and highest quality solutions, we have the organizational and systemic safeguards in place to protect your consumers’ data.

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data (process and controls) based on five ‚Äútrust service categories‚ÄĚ‚ÄĒsecurity, availability, processing integrity, confidentiality, and privacy.

SOC 2 certification is issued by outside auditors. They assess the extent to which a vendor like IC System complies with one or more of the five trust principles based on the systems and processes in place.

Additionally, view IC System’s 2024 SOC 3 report from our independent service auditor.

S2Score ‚ÄúExcellent‚ÄĚ Security logo


IC System underwent an organizational information security risk assessment by SecurityStudio’s S2ORG service. The results show an overall S2SCORE (or risk rating) of 728.75, which is well above the industry average.

SecurityStudio, creators of the S2SCORE (formerly FISAScore), provides companies with an easy way to assess their security posture. This gives companies like IC System the chance to better manage and convey their security stance. Their scoring service gives organizations the opportunity to measure the current state of their security, compare their status to other security projects, and identify vulnerabilities that may require attention.


PCI DSS 4.0 Annual Certification

Many collection agencies conduct the Payment Card Industry (PCI) Data Security Standard (DSS) self-assessment. IC System completed the more stringent and externally audited, PCI DSS 4.0 Report on Compliance (RoC). This audit was performed on the Card Data Environment (CDE). IC System is a Level 1 Service Provider, meaning we process, store, and transmit consumer data in the CDE securely.

IC System is also ‚ÄúOn the List‚ÄĚ with the Visa Global Registry of Service Providers, which acknowledges service providers that have shown their commitment to security by meeting the requirements of the PCI Standard.

Veracode Verified logo

Veracode Verified Consumer Pages

IC System’s Consumer Payment Portal and Consumer Self Service Portal have been Vericode Verified. We protect sensitive consumer data with web pages that use highly secure code. Vericode verifies the secure development process around these applications.
The Veracode Verified Standard represents that the following application security practices are embedded into the software development process to ensure consumer data is protected:

  • Assessment of first-party code using static analysis
  • Documentation that the application does not allow Very High flaws in its first-party code
  • Developer access to remediation guidance Verified Standard is the first of three (3) tiers representing the Verified program

ICE‚ĄĘ – IC System’s Intelligent Collection Engine

Our innovative proprietary software, ICE‚ĄĘ (Intelligent Collections Engine) is designed, developed, and maintained at our St. Paul, MN. ICE‚ĄĘ incorporates industry rich features capturing every dimension of the receivable management business.mICE‚ĄĘ incorporates the experience and knowledge gained over our eight decades in the collections industry.

ICE‚ĄĘ was developed for maximum productivity and compliance, complete customization capabilities, and unmatched data/analytic functions. Moreover, the ICE‚ĄĘ system also has extensive reporting capabilities, with over 50 standard reports available today and the ability to develop custom reports required.

ISO 27002

IC System is certified for over 100 security and compliance management controls set forth by the International Organization for Standardization. The ISO 27002 offers recommendations and best practices on information security and data management to ensure confidentiality, integrity, and availability of information.


IC System is audited for compliance with the Health Insurance Portability & Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA and HITECH establish security provisions, safeguarding rules, and confidentiality concerns regarding the transmission, use, and storage of healthcare information.

WBE certified logo

Women-Owned Business Enterprise Certified

The Supplier Clearinghouse for the Utility Supplier Diversity Program of the California Public Utilities Commission has certified IC System as a Women-Owned Business Enterprise (WBE). Companies certified by the Supplier Clearinghouse as women-owned must demonstrate they are at least 51% owned by one or more women and that women are influential in the company’s management and daily operations. The California Public Utilities Commission audits and verifies the status of WBEs while establishing and maintaining a directory of certified vendors. The Clearinghouse audit and verification program precludes the need for our business partners to conduct additional audits to verify IC System’s commitment to workplace diversity.

IC System ACA Certification of Blueprint Quality Management System

ACA’s Blueprint Quality Management System Certified

The Blueprint Quality Management System certification recognizes IC System’s efforts to develop, implement, and adhere to a set of collection industry-specific, professional practices and policies. To retain its certification, IC System is subject to periodic audits and compliance checks. Additionally, ACA International’s Blueprint certification requires that IC System pursues ongoing initiatives that promote process improvements and client satisfaction. Included below are the elements that make up the Blueprint certification.

GLBA Safeguards Rule

IC System is compliant with the Gramm-Leach-Bliley Act (GLBA), or Financial Services Modernization Act of 1996, and certified to collect and store consumer data with security and confidentiality. The GLBA is a federal law that governs how financial institutions handle the private information of consumers. The GLBA regulates third-party collection agencies to:

  • Ensure the security and confidentiality of customer records and information
  • Protect against any anticipated threats or hazards to the security or integrity of such records
  • Protect against unauthorized access to or use of such records or information which could result

Federal Trade Commission’s Red Flags Rule

IC System has implemented an Identity Theft Prevention Program to adhere to the Federal Trade Commission (FTC) Red Flags Rule (‚ÄúRed Flags Rule‚ÄĚ). The Red Flags Rule requires businesses to implement an Identity Theft Prevention Program designed to identify warning signs (e.g. red flags) of identity theft in their procedures. Our company‚Äôs Identity Theft Prevention Program is regularly audited for compliance.

Have A Question?

Contact our team to get in touch with a friendly IC System representative.

Get In Touch