In today’s digital world, personal data is a top concern for businesses and their customers, who want to know what data is being collected, how it’s stored, how it’s used and, most importantly, how it’s being protected. Financial data is of heightened concern, given the enormous impact leaks, hacks and other data blunders can have on consumers’ lives.
We understand the importance of data security both to our clients and to their end customers. As such, we maintain tight security controls throughout our platform, through a variety of measures designed to secure all of the data that passes through it and to provide peace of mind for our users and their clients.
When it comes to security measures, though, there are a lot of acronyms and jargon floating around. We wanted to take a moment to break down some of that industry terminology to show you exactly what we’re doing to keep your data safe.
Ways to Prove Security
How can customers be sure we know what we’re talking about when it comes to security and compliance? As a multi-tenant SaaS provider, it’s our responsibility to keep our platform up to date with the latest industry best practices so that our clients can rest assured their billing processes are secure. Gotransverse maintains certifications, assessments, and compliance that, simply put, are third-party confirmations that we are storing and managing data properly for our clients and their customers.
PCI DSS Level 1 Certification
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that every company accepting, processing, storing or transmitting credit card information does so in a secure environment. At Gotransverse we maintain PCI DSS Level 1 compliance.
Level 1 is the highest of the compliance levels defined by the payment card industry. For merchants it is required of anyone processing over six million credit card transactions per year; service providers such as Gotransverse reach Level 1 at a lower transaction threshold, and the validation requirements are the same. Maintaining Level 1 status requires an annual on-site assessment by a Qualified Security Assessor (QSA), which produces a Report on Compliance, tight adherence to security patching protocols, and quarterly external network scans by an Approved Scanning Vendor (ASV).
The risks of noncompliance include fines, loss of the ability to process card payments and, above all, a much greater chance of a cardholder data breach (and all the ensuing problems that an incident would trigger). Taking all our clients and their customers into account, the Gotransverse platform handles millions of credit card transactions every year, and maintaining Level 1 compliance ensures all that data is protected according to the current version of the standard as mandated by the PCI Security Standards Council.
SOC 1 and 2 Audits
Companies that provide services to other organizations need to show that processes and controls are in place to ensure that data is being properly handled. Their customers’ auditors may need proof that the controls around those services are designed correctly and operating effectively. A SOC (System and Organization Controls, formerly Service Organization Control) report is a review by an independent third-party auditor of the controls a service business has implemented to protect client data. There are two different reports, SOC 1 and SOC 2, that cover different aspects of this.
A SOC 1 report is issued under SSAE 18 (Statement on Standards for Attestation Engagements No. 18, the successor to SSAE 16) and focuses on a service organization’s controls that are likely to be relevant to an audit of its customers’ financial statements. There are two types of SOC 1 report. A SOC 1 Type I report evaluates whether the service organization’s controls are suitably designed at a single point in time. A SOC 1 Type II report covers the same controls but also tests whether they operated effectively over a specified period, typically six to twelve months, which is why customers’ auditors usually ask for the Type II.
A SOC 2 report is what customers typically ask for from companies hosting or processing non-financial client information. It evaluates controls against the AICPA Trust Services Criteria: security, availability, processing integrity, confidentiality and privacy. Security is the one criterion every SOC 2 must cover; the others are included based on the service being provided. As with SOC 1, there are two versions of the report, Type I (design at a point in time) and Type II (design and operating effectiveness over a period).
InfoSec Assessments
Companies with strict security requirements may also require an InfoSec assessment in addition to PCI DSS Level 1, SOC 1 and/or SOC 2. An InfoSec review is a prescriptive, questionnaire- and evidence-driven evaluation conducted by the customer (or an assessor on its behalf) that checks for the presence of specific security controls rather than attesting to a general framework. These reviews are often based on a standard such as ISO 27001, on top of which companies add their own specific requirements, for example how government-related data is handled in specific countries.
GDPR Compliance
The General Data Protection Regulation (GDPR) became enforceable in the EU on May 25, 2018. It imposes more stringent data privacy and security obligations on companies, along with clearer disclosures and reporting processes for consumers, including notification of personal data breaches. The idea is to give individuals better control over how businesses are using and storing their personal data.
The regulation applies to any organization (regardless of where it’s headquartered) that offers goods or services to, or monitors the behavior of, individuals in the EU, and the fines for noncompliance are steep. Here again, Gotransverse has ensured our platform is up to date and compliant, assuring our customers that the T’s have been crossed and the I’s have been dotted, and giving their customers peace of mind that their data is protected. While an EU regulation, GDPR is used as the basis for personal data handling requirements by companies throughout the world.
These certifications, assessments and compliance programs give our clients the assurance that, at Gotransverse, we have the correct processes and procedures in place to manage their customers’ data correctly, both financial and otherwise, through our billing platform.
We know that world-class data security is critical for businesses to earn consumers’ trust today, but we also know that keeping up to date with the latest certifications, regulations, and standards takes a lot of time and effort. That’s why, here at Gotransverse, we manage compliance for our customers within our platform. That way, the businesses we work with can save that time and effort for the big-picture strategies that drive growth and build revenue. If you want to read our full company privacy policy, please feel free to review it here.
To find out more about how Gotransverse is ready to help businesses streamline billing to propel growth — including meeting compliance for the latest regulations and standards — we invite you to schedule a demo today!