- Oct 07
Security For Your Credentialing Program
Security is serious business here at Kryterion, especially for our clients and test candidates.
We’re charged with protecting their personal and financial information.
Security also involves our own reporting and internal controls.
At the bottom of every page on our web site, you'll see the icons of the security measures we've earned that protect your investment in your credentialing programs and safeguard the personal information of your test candidates.
We’re PCI Compliant
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment for the protection of financial data and user identities.
The PCI DSS is administered and managed by the PCI Security Standards Council, an independent body created by the major payment card brands, including Visa, MasterCard, American Express and Discover.
The PCI DSS applies to any organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.
We’re SSAE 16 Certified, Too
The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) is a set of auditing standards published by the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies like Kryterion report on compliance controls.
Auditors use SSAE 16 as a guide when creating two specific audit reports. The first is a snapshot that reflects the status of an organization's controls on a particular day. The second is a series of snapshots that record how controls have changed over time.
Auditing standards like SSAE 16 guide the discovery of security controls in all types of organizations, such as data centers and Internet service providers (ISPs). The use of such standards helps organizations and auditors demonstrate security compliance.
SSAE 16 helps clients gain insight into the vendors they hire and charge with managing secure, private information. This certification is earned after a vendor has passed an extensive audit of internal controls for financial reporting.
SOC 2 Type II Certified
Protecting your online data is a necessity these days, especially if you outsource services to vendors who must access that data. You want to be sure that their protocols for security, privacy, confidentiality, etc. are rock solid.
SOC stands for Service Organization Control. It’s an auditing procedure also set up by the AICPA to ensure that service providers like Kryterion securely manage their clients' data.
For companies that value data security and peace of mind—and who doesn’t?—discovering the extra protection that SOC 2 Type II provides is welcome news.
In 2018, Kryterion became SOC 2 Type I compliant by passing a rigorous audit of our internal controls.
SOC 2 Type II is far more comprehensive. We were audited for compliance with five trust principles established by the AICPA: security, privacy, confidentiality, availability and data processing.
You can find more details about SOC 2 on the AICPA web site.
Security For You and Your Test Candidates
And just so you know, achieving SOC 2 Type II compliance is unusual for a company of Kryterion’s size.
The time, expense, effort and scrutiny involved normally keep smaller companies from pursuing it.
And while we don’t consider ourselves small as such, we do have big ambitions!
Plus, we’re obsessed with providing exceptional service to our clients. That means that we’ll be requesting an audit each year just to keep up with any changes in the SOC 2 Type II standard.
We care about protecting our clients' data.
We'd enjoy the chance to do the same for your company.
Let us know how we can help. If you’d like to learn more about our security for your credentialing program, feel free to contact us via our short web form here.