Compliance & Technology

Security is Our Top Priority.

The security of our clients’ data is our top priority at Financial Business and Consumer Solutions (FBCS). Our facilities and systems exceed the requirements for SSAE 16 Type II, PCI-DSS, and ISO 27001 certifications, and we participate in regular audits to validate our policies, procedures and systems.

We operate on state-of-the-art technology platforms that keep us compliant with information security requirements for large organizations and with all state and federal regulations. Our advanced central administration system assists with the management of all our security policies and access privileges.

The FBCS team is trained on security policies to keep our facilities and your data safe. We provide training to enhance our team’s understanding of modern security risks, including social engineering attacks, phishing schemes, brute force attacks and more.


SSAE 16 Type II

Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 and became effective on June 15, 2011.


PCI DSS Certified

The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.


ISO 27001

ISO 27001 is an information security standard that was published on 25 September 2013.[1] It supersedes ISO/IEC 27001:2005, and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.[2] It is a specification for an information security management system (ISMS). Organizations that meet the standard may gain an official certification issued by an independent and accredited certification body on successful completion of a formal audit process.