Compliance and Security
Top Security Standards
At IC System, your account inventory and data remains secured through our compliance with the industry’s top security standards. We protect your data, and the data of your consumers, with our ironclad security network and highly regimented compliance protocols. All security measures are tested by more than 50 annual audits and monitored 24/7/365. Below you will find many of top security certifications and practices that IC System uses to keep our clients’ information safe and secure.
What is a FISAScore? It’s an objective industry assessment and measurement tool to identify and quantify security risk. The certification includes requirements from the ISO, IEC, COBIT5, CCS CSC, NERC and the NIST Cybersecurity Frameworks. When combined in the FISA assessment, they establish a standard for security best practices.
Our comprehensive security assessment through FRSecure takes the place of the usual SOC report by including more stringent security parameters. A SOC 2 alone will NOT show compliance with all Federal & State Laws or ensure protection of asset classes such as medical data or specific State laws like Nevada NRS 603a or Red Flags Rule. The FRSecure assessment includes the parameters of a SOC audit, but goes even further to ensure additional compliance.
Our security auditing firm, FRSecure, set our FISAScore as “Good,” ranking IC System nearly 30% more secure than the average competitor in our industry.
PCI DSS 3.2 Annual Certification
Many collection agencies conduct the Payment Card Industry (PCI) Data Security Standard (DSS) self-assessment, and just for the portion of their network processing credit cards (version 1). IC System completed the more stringent and externally audited, PCI DSS 3.2 Report on Compliance (RoC). This audit was performed not just on the portion of the network processing credit cards, but on our entire network. IC System is a Level 1 Service Provider, ensuring we process, store, and transmit ALL consumer data (not just payment info) securely.
IC System is audited for compliance with the Health Insurance Portability & Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA and HITECH establish security provisions, safeguarding rules, and confidentiality concerns regarding the transmission, use, and storage of healthcare information.
GLBA Safeguards Rule
IC System is compliant with the Gramm-Leach-Bliley Act (GLBA), or Financial Services Modernization Act of 1996, and certified to collect and store consumer data with security and confidentiality. The GLBA is a federal law that governs how financial institutions handle the private information of consumers. The GLBA regulates third-party collection agencies to:
• Ensure the security and confidentiality of customer records and information
• Protect against any anticipated threats or hazards to the security or integrity of such records
• Protect against unauthorized access to or use of such records or information which could result
Federal Trade Commission’s Red Flags Rule
IC System has implemented an Identity Theft Prevention Program to adhere to the Federal Trade Commission (FTC) Red Flags Rule (“Red Flags Rule”). The Red Flags Rule requires businesses to implement an Identity Theft Prevention Program designed to identify warning signs (e.g. red flags) of identity theft in their procedures. Our company’s Identity Theft Prevention Program is regularly audited for compliance.
IC System is certified for over 100 security and compliance management controls set forth by the International Organization for Standardization. The ISO 27002 offers recommendations and best practices on information security and data management to ensure confidentiality, integrity, and availability of information.