Data Security
Data has never been more important to your business and never more vulnerable. ConServe recognizes the vital importance of a corporate information security program to secure the data and assets of our Clients and their Consumers.
Your data is safe and secure, period.
ConServe has more than 1,000 information security controls in place and is compliant with the strict security guidelines and audits required by the U.S. Department of Education. In conjunction with Federal contract requirements, ConServe maintains FISMA (Federal Information Security Management Act) 3rd party certification, which complies with all NIST (National Institute of Standards and Technology) 800-53 standards and guidelines. All of these controls ensure that our Client data is safe and secure. Additionally, ConServe complies with PCI-DSS standards and is PCI-DSS V4.0 certified.
Complimentary E-Book
Three Key Components of Data Security
In today’s digital age, safeguarding consumer data is of utmost importance for financial institutions. However, as data security is a complex and constantly changing field, it’s important to keep several key factors in mind. In our free E-Book, we delve into three essential components of data security:
- Consumer behavior
- Employee training
- Comprehensive compliance systems
Download our complimentary E-Book now to learn more and ensure your institution is equipped to protect your consumers’ data.
ACA International Member Agency
ConServe is a proud member of ACA International, adhering to the highest standards of ethics, compliance, and professionalism in the accounts receivable management industry.
SSAE 18/SOC 1 Type 2 and SSAE 18 SOC 2 Type 2 Engagements
ConServe completes SSAE 18 SOC 1 Type 2 and SSAE 18 SOC 2 Type 2 engagements, conducted by a third-party auditor, annually. The SOC 1 and SOC 2 reports evaluate controls at a service organization that are relevant to the security, availability, and processing integrity of a service organization’s system. In addition, the reports also evaluate the confidentiality of the information and the privacy of personal information that the service organization’s system controls.
FISMA Compliant
In accordance with the U.S. Department of Education and in conjunction with Federal contract requirements, ConServe is compliant with the Federal Information Security Management Act (FISMA). ConServe’s comprehensive Information Security Program is structured to align with the information security standards and guidelines of the National Institute of Standards and Technology (NIST) Special Publication 800-53: “Security and Privacy Controls for Federal Information Systems and Organizations”.
PCI-DSS Compliance
PCI Security Standards are developed and maintained by the PCI Security Standards Council to protect payment data throughout the payment lifecycle. The different PCI Standards support different stakeholders and functions within the payments industry.
-
ConServe’s PPMS (Professional Practices Management System) includes stringent policies and procedures that address Administrative, Technical, and Physical Safeguards to protect the privacy, security and confidentiality of Client and Customer supplied data.
Additionally, ConServe complies with the Federal Information Security Management Act of 2002 (FISMA) and completes SSAE 18 SOC 1 Type 2 and SSAE 18 SOC 2 Type 2 engagements.
-
Yes, ConServe has a made a commitment to meet and exceed government information security standards in accordance with the Federal Information Security Management Act (FISMA). FISMA compliance requires adherence to numerous regulatory guidelines and requirements as described by the Federal Information Processing Standards (FIPS) and the National Institute of Standards and Technology (NIST) Special Publications.
-
Yes, ConServe is PCI-DSS Certified and has a comprehensive System and Data security program that complies with all PCI-DSS standards.
-
ConServe completes SSAE 18 SOC 1 Type 2 and SSAE 18 SOC 2 Type 2 engagements, conducted by a third-party auditor, annually. The SOC 1 and SOC 2 reports evaluate controls at a service organization that are relevant to the security, availability, and processing integrity of a service organization’s system. In addition, the reports also evaluate the confidentiality of the information and the privacy of personal information that the service organization’s system controls.
