E-Complish Achieves PCI DSS, HIPAA, SOC 2, and Nacha Recertifications
Continuing a flurry of accomplishments that have also included acquisitions, new partnerships, and additions to its menu of solutions, E-Complish has, for the 13th consecutive year, been certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS). Additionally, the payment solutions and services provider has been recertified for its compliance with standards contained in the Security Rule component of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as with SOC 2 criteria developed by the
E-Complish remains fully adherent to DSS 3.2.1, the strictest, all-encompassing version of PCI-DSS standards to date. Developed and enforced by the
E-Complish is a designated Level 1 PCI-DSS 3.2.1 Service Provider—the highest of four merchant levels. To hold this designation and to be certified as PCI-compliant, the company must undergo an assessment by a third-party Qualified Security Assessor (QSA) to evaluate whether and to what extent it meets the requirements outlined in the 12 sections of the PCI-DSS 3.2.1. The requirements encompass more than 300 elements, and the QSA must obtain several thousand pieces of evidence and conduct a physical inspection as part of its assessment.
In addition, the successful completion of a security assessment by a third-party firm also led to the recertification of E-Complish's compliance with HIPAA. Applicable to all entities that handle patients' protected electronic health information (ePHI), HIPAA comprises physical, network, and process security standards. These entities must, in accordance with the HIPAA Security Rule, implement and exercise administrative, physical, and technical safeguards to ensure the security of ePHI.
The HIPAA security assessment entailed an exhaustive, meticulous review of policies and procedures; network and data flow diagrams; physical and environmental security; disaster recovery backup processes; vulnerability management; penetration testing; system hardening standards; and other pertinent areas. The independent third-party security audit also closely examined E-Complish's practices and methods for patch management; access control; data storage, logging, and auditing; and security monitoring and incident response.
Similarly, E-Complish's SOC 2 recertification follows an assessment by outside auditors who investigated the extent to which the payment solutions provider complies with one or more of the five trust principles based on systems and processes in place at the company. These trust principles include security (protection of system resources against unauthorized access), availability (accessibility of systems, products, or services as stipulated by contract or service level agreement), and processing integrity (offering complete, valid, accurate, timely, and authorized data processing). Two additional trust principles center on the preservation of data confidentiality (via encryption, network and application firewalls, and rigorous access controls) and privacy (the collection, use, retention, disclosure, and disposal of customers' personal information in conformity with individual organizations' privacy notice, along with criteria outlined in the AICPA's generally accepted privacy principles).
Rounding it out, the rules-based ACH audit, conducted by an Accredited ACH Professional, included an in-depth examination of each facet of E-Complish's ACH operations, from receipt processes and internal and external origination to related agreements and forms. "Nacha requires every participating financial institution and Third-Party Sender/Service Provider to conduct an annual audit of its ACH operations and related processes," noted E-Complish ACH Analyst
E-Complish CEO and Chief Security Officer
"The risk of data breaches and compromise is increasing every day and will continue to increase as perpetrators develop new schemes and ways to perpetuate them," Price said. "This makes it more important than ever for merchants to go the extra mile when it comes to data protection. Choosing a PCI-, HIPAA-, SOC 2- and Nacha-compliant payment processing partner is one effective way to do so. By certifying our compliance, we can be that partner now and going forward."
E-Complish Press Contact
888-847-7744, ext. 205
Press Release Service by Newswire.com