E-Complish Achieves PCI DSS, HIPAA, SOC 2, and Nacha Recertifications
Continuing a flurry of accomplishments that have also included acquisitions, new partnerships, and additions to its menu of solutions, E-Complish has - for the 13th consecutive year - been certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS). Additionally, the payment solutions and services provider has been recertified for its compliance with standards contained in the Security Rule component of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as with SOC 2 criteria developed by the
E-Complish remains fully adherent to DSS 3.2.1, the strictest, all-encompassing version of PCI-DSS standards to date. Developed and enforced by the
E-Complish is a designated Level 1 PCI-DSS 3.2.1 Service Provider—the highest of four merchant levels. To hold this designation and to be certified as PCI-compliant, the company must undergo an assessment by a third-party Qualifies Security Assessor (QSA) to evaluate whether and to what extent it meets the requirements outlined in the 12 sections of the PCI-DSS 3.2.1. The requirements encompass more than 300 elements, and the QSA must obtain several thousand pieces of evidence and conduct a physical inspection in conducting its assessment.
In addition, the successful completion of a security assessment by a third-party firm also led to the recertification of E-Complish's compliance with HIPAA. Applicable to all entities that handle patients' protected electronic health information (ePHI), HIPAA comprises physical, network, and process security standards. These entities must, in accordance with the HIPAA Security Rule, implement and exercise administrative, physical, and technical safeguards to ensure the security of ePHI.
The HIPAA security assessment entailed an exhaustive, meticulous review of policies and procedures, network and data flow diagrams; physical and environmental security; disaster recovery backup processes; vulnerability management; penetration testing, system hardening standards, and other pertinent areas. The independent third-party security audit also closely examined E-Complish's patch management; access control; data storage, logging, auditing; security monitoring and incident response practices and methods.
Similarly, E-Complish's SOC 2 recertification follows an assessment by outside auditors who investigated the extent to which the payment solutions provider complies with one or more of the five trust principles based on systems and processes in place at the company. These trust principles include security (protection of system resources against unauthorized access), availability (accessibility of systems, products, or services as stipulated by contract or service level agreement), and processing integrity (offering complete, valid, accurate, timely, and authorized data processing). Two additional trust principles center on the preservation of data confidentiality (via encryption, network, and application firewalls, and rigorous access controls) and privacy (the collection, use, retention, disclosure, and disposal of customers' personal information in conformity with individual organizations' privacy notice, along with criteria outlined in the AICPA's generally accepted privacy principles.
Rounding it out, the rules-based ACH audit, conducted by Accredited ACH Professional, included an in-depth examination of each facet of E-Complish's ACH operations, from receipt processes and internal and external origination to related agreements and forms. "Nacha requires every participating financial institution and Third-Party Sender/Service Provider to conduct an annual audit of its ACH operations and related processes," noted E-Complish ACH Analyst
E-Complish CEO and Chief Security Officer
"The risk of data breaches and compromise is increasing every day and will continue to increase as perpetrators develop new schemes and ways to perpetuate them," Price said. "This makes it more important than ever for merchants to go the extra mile when it comes to data protection. Choosing a PCI-, HIPAA-, SOC 2- and Nacha-compliant payment processing partner is one effective way to do so. By certifying our compliance, we can be that partner now and going forward."
E-Complish Press Contact
888-847-7744, ext. 205
Press Release Service
by
Newswire.com


Fannie Mae Executes Credit Insurance Risk Transfer Transaction on $23.1 Billion of Single-Family Loans
AM Best Director to Join Private Equity & Life Insurance Panel at LIMRA-Hosted Conference
Advisor News
- Demonstrating the value of life insurance to Gen Z
- Poor money habits are a dealbreaker in a new relationship
- DC plan sponsors see opportunity in alternatives
- The American Dream: Redefined as financial stability
- Partial annuitization: How advisors can help clients balance income, growth
More Advisor NewsAnnuity News
- CA judge certifies class action in teachers’ lawsuit over in-plan annuity fees
- Globe Life Inc. (NYSE: GL) Records 52-Week High Thursday Morning
- AM Best Managing Director Joins ‘Target Topics’ Podcast to Discuss State of Delegated Underwriting Authority Enterprises Market
- KBRA Assigns Rating to TruSpire Retirement Insurance Company
- Partial annuitization: How advisors can help clients balance income, growth
More Annuity NewsHealth/Employee Benefits News
- OCWNY to hold seminar for disability beneficiaries Friday
- Atrium pushes back after State Health Plan leaves healthcare network out of Tier 1
- Douglas Veterans Claims Clinic Connects Rural Veterans With Critical Services
- Atrium pushes back after State Health Plan leaves healthcare network out of Tier 1
- Connecticut health insurance exchange shifts enrollment dates after federal changes
More Health/Employee Benefits NewsLife Insurance News
- Globe Life Inc. (NYSE: GL) Records 52-Week High Thursday Morning
- AM Best Upgrades Credit Ratings of Sagicor Financial Company Ltd. and Most of Its Subsidiaries
- Trust, technology and the future of claims
- New York Life Launches an Indemnity Benefit for its Asset Flex Long-Term Care Insurance Solution
- AM Best Affirms Credit Ratings of DB Insurance Co., Ltd.
More Life Insurance News