What security safeguards should your collection partner have?
Data security and the importance of protecting consumer information remains a top priority for any business that gathers and stores sensitive records. Credit card numbers, personal contact information, social security numbers, and medical records could all be at risk if a business does not take the proper steps to protect themselves. This is especially true of the accounts receivable industry, which can handle all manner of business and industry types. If you supply your collection agency with sensitive or protected information, how can you ensure they have the appropriate safeguards in place to ensure your data is secure?
Compliance Audits: Internal and Third-Party
Does your current collection partner have a compliance department that performs a series of checks and balances, looking for holes in their system or areas of improvement? Every company should have documented policies, processes, and regularly scheduled audits that monitor their organization’s use and storage of sensitive data. They should also have a separate department dedicated to checking, and rechecking, to ensure compliant handling of consumer information.
In addition to having an internal auditor, your collection partner should embrace the third-party audit process. None of your partners and vendors should rely on self-audits alone. If you insist that your collection agency use a third-party security auditing firm, and then demand to see the results of those audits, you can trust that you’re working with a partner whose security meets industry standards.
For instance, many companies use an objective industry gauge like FISAScore to measure security risk. To be certified through this auditing process, a company must be evaluated in requirements including the IEC, ISO, CCS CSC, NERC, COBIT5, and the NIST Cybersecurity Frameworks. Making sure your collection partner has gone through this auditing process will better establish that you’re working with a trusted vendor.
There are a lot of security certifications out there, and not all of them are created equal. But if you’re dealing with consumer information, there are a few standard certifications you’ll want your partner to have. Many companies use the Payment Card Industry (PCI) Data Security Standard (DSS) self-assessment to ensure that their system can protect consumer credit card information. However, self-assessments are never quite as rigorous or thorough as a third-party assessment. Make sure your partner is externally audited. Moreover, if they have the most stringent PCI DSS 3.2 Annual Certification, that means they protect all consumer information, not just credit card info.
There’s an entire alphabet soup you should look for when vetting a partner. Some, but not all, of the most critical security certifications include: the Gramm-Leach-Bliley Act (GLBA), International Organization for Standardization (ISO), Federal Trade Commission (FTC) Red Flags Rule (“Red Flags Rule”), and several more. For the healthcare industry, look for compliance with the Health Insurance Portability & Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act.
If you’ve been paying attention to the headlines in the last few years, data breaches and breakdowns in security have become all too common. And so it’s important to look for partners and vendors who demonstrate their dedication to protecting your consumer information, especially in the accounts receivable industry. For more information on IC System’s commitment to a secure data environment, check out our Security and Compliance page.
Need collection help?
Call us at 1-800-279-3511 or REQUEST PRICING!
About the Author: Brian Eggert
Brian Eggert is a business development specialist and writer for IC System, one of the largest receivables management companies in the United States. With 18 years in the collection industry, Brian's experience includes operations, client service, proposal writing, blogging, content creation, and web development.