With so many options for accounts receivable companies in existence these days, many clients find it difficult to know what to look for when evaluating a potential partner for their business. One thing that should be near the top of every list is the ways in which such a partner handles sensitive data. In a modern world where hacks of credit card accounts and personal information are commonplace, the need for data security has never been higher. In order to give a better idea of what methods the highest performing companies in this space are utilizing, we took a look at IC System, a leader in the field. By reading through some of the company’s security practices below, you’ll be better equipped to understand the sometimes convoluted field of data security, especially as it relates to the accounts receivable industry.
Before diving into their security practices, a brief overview of the company will be helpful in order to understand the type of work they do. IC System was founded in 1938 by Ruth and Jack Erickson. In the years since it was created, the company has remained a family-run organization, now on its third generation of family leadership. Headquartered outside of St. Paul, Minnesota, the company focuses its efforts on helping to reach financial resolutions for clients and consumers in an upfront and fair manner. This legacy of honesty and ethical practices was put in place from the very first days of the company’s existence.
In the years since its creation, the company has seen its scope and client base increase steadily on its way to becoming one of the top accounts receivable firms in operation. In order to facilitate this upward trend in their efforts, the company has worked consistently to partner with professional organizations as well as expand its licensing throughout the country. To that end, many of those organizations still use the company as their recommended method of settling accounts, and the firm is now licensed and/or bonded in all states in the U.S.
As the company’s operations have grown, so too has its need for security. With so many clients and consumer accounts passing through its systems, the company understands the requirement for complete confidentiality when handling sensitive information. This confidentiality must not only be maintained internally, but also must be safeguarded against any who may seek out such data for their own uses. This focus on security extends to all data the company handles, including payment methods, account inventories, and personal information.
Security methodologies in use at the company are put in place by a security network that is supported by a highly regimented set of compliance protocols. These measures are tested extensively through more than fifty annual audits. They are also continuously monitored by the company’s failsafe system. These protocols are in place 24/7 and are operating throughout every day of the week, including holidays and weekends.
Use of FISAScore
One of the ways the company ensures that its data practices are meeting the high level they have set out to achieve is through the use of the FISAScore. This measurement tool utilizes a collection of industry standard assessments in order to identify and quantify security risk. In order to receive a certification from the assessment, a company must be evaluated on a number of different requirements from the IEC, ISO, CCS CSC, NERC, COBIT5, and the NIST Cybersecurity Frameworks. Taken as a collective whole, along with the FISA assessment itself, these evaluation metrics form the standard model for best practices in the accounts receivable industry. At present, the company has received a FISAScore that ranks it nearly thirty percent more secure than the average found throughout the industry.
The auditing firm that services the company, known as FRSecure, evaluates its FISAScore through a reporting method that exceeds the default industry method known as SOC. While an SOC report is often used to evaluate a company’s score, it is lacking in a few areas required to ensure the fullest data security methods possible. These gaps include an inability to account for compliance with federal laws, the safeguarding of especially sensitive data such as medical records, or adherence to certain state regulations such as the Red Flags Rule or Nevada NRS 603a. In order to attain the most comprehensive security evaluation, the FRSecure audit used by the company encompasses all of the parameters of an SOC report and then delves into the additional metrics listed above.
There is an extensive number of regulatory compliances that IC System must consider when constructing its security system. Though there are too many to name here, it will be helpful to touch on a couple in order to illustrate the thought that goes into creating such a system. The first is related to the way in which the company processes credit card payments. While many collection agencies conduct a PCI DSS self-assessment for the portion of their network that handles payment transactions, the company pursues a much more stringent PCI DSS 3.2 Annual Certification on its entire network. In addition, this evaluation is performed by a third-party auditor in order to ensure its objectivity.
Another important regulatory consideration is the Health Insurance Portability & Accountability Act, known as HIPAA. This act is usually considered along with the Health Information Technology for Economic and Clinical Health Act, known as HITECH. Taken together, HIPAA and HITECH form a basis of security practices that must be adhered to in order to protect sensitive medical information. The company uses the regulatory practices put in place by the acts in order to address confidentiality concerns related to the transmission, storage, and use of information related to healthcare.
Though companies in the accounts receivable industry must be evaluated on a wide range of practices by clients and consumers, one consideration that stands high on that list is the ways in which such a company safeguards data. In an age where data breaches have become far too commonplace, the types of information utilized by these companies on a daily basis can ill-afford to be mishandled. Through a variety of stringent protocols and regulatory methodologies, IC System has established itself as a top performer in the realm of data security. Organizations seeking to establish such high-level methodologies themselves would do well to take a look at the ways in which the company has met its current level of operation.
More about IC System at https://www.dailyforexreport.com/ic-system/