Accounts receivable companies are often tasked with handling a range of important and sensitive data. This data can include medical records, credit card numbers, and personal identifying information. In order to ensure that such data is safeguarded against those who may want to attain and misuse it, a variety of regulatory standards have been put in place over the years. Still, within the industry there are some companies who excel at security practices and there are some whose operations are somewhat lacking. To understand what properly executed data security looks like, we’ll look at a sterling example of the former, IC Systems. That company, one of the top performers in its field when considering security, provides an interesting case study for those seeking to better comprehend how their data is being protected.
Company philosophy
One of the reasons IC Systems has placed such a high degree of emphasis on the proper handling of data is that the company was formed with a focus on ethical and honest practices in mind. At the time of its creation, now eighty years ago, founders Ruth and Jack Erickson pledged a commitment to prioritizing an upstanding way of doing business in an industry which has sometimes been tarnished by unscrupulous organizations. In the many years since that commitment, the company has not only remained a family-run endeavor but has also maintained its focus on operating as one of the most highly-respected players in its field.
This focus can be seen in a variety of areas of the company’s operations, but is perhaps best epitomized by its statement of core values. The statement, which enumerates the exact principles that the company constantly strives toward, guides every decision made by the business. The values listed in the statement are summed up as People, Integrity, Performance, Pride, and Innovation. In order to encourage employees to remain focused on the five values underpinning the company’s operations, a quarterly award is given to the employee who best personifies the character traits for which the firm has become known.
Metric of evaluation
The standard evaluation protocol in the accounts receivable industry is known as a FISAScore. This score is an objective assessment and measurement tool that is used to single out and quantitatively analyze security risk in the industry. In order to receive a certification in relation to the assessment, a company must meet requirements from the COBIT5, ISO, CCS CSC, NERC, IEC, and the NIST Cybersecurity Frameworks. Taken as a whole in a FISA evaluation, the preceding regulatory guidelines form the basis for the best practices for security throughout the field.
The company’s FISAScore, which is thirty percent higher than the industry average, is assessed by a third-party evaluator by the name of FRSecure. While it is typical for a company in the industry to be evaluated solely through the use of an SOC report, the company has opted for a more stringent set of standards to be applied to its practices. This is because a standard SOC report does not account for compliance with a variety of state and federal laws or the protection of specific asset classes, such as medical records. By accounting for these regulatory guidelines, the FRSecure audit goes above and beyond what many in the industry opt for.
Payment and medical records
Two areas of particular concern when discussing data security are the practices concerning the protection of credit card and medical information. For payment method protection, many collection agencies use a self-assessment to monitor for security regulation compliance. This is known as a Payment Card Industry Data Security Standard self-assessment, or PCI DSS. Here again, IC Systems goes beyond many of its competitors to engage in the more stringent PCI DSS 3.2 Report on Compliance. Not only is this evaluation method more rigorous in scope, it is also conducted by an external auditor. The method is also performed on the company’s entire network, rather than just on the portion of the network that processes credit cards. This helps to ensure security through every phase of the company’s data procedures.
When considering the security of medical information, there are two important legislative acts that heavily influence industry standards. These are known as the HIPAA and HITECH Acts. The goals of HIPAA and HITECH are to establish a series of security protocols that help to regulate the ways in which healthcare information can be stored, used, and transmitted. By addressing the confidentiality concerns presented by these two acts, the company is again establishing itself as a firm that values data security as a top priority.
Personal information
Another area of concern when discussing data is the potential for misuse of personal identifying information. Mishandling of this type of data can lead to a variety of problems for clients and consumers alike, such as identity theft and breaches of confidentiality. In order to protect data in this area, the government has implemented a number of provisions to regulate the ways in which data must be handled. Some of these regulations are the GLBA and the FTC Red Flags Rule. By implementing identify theft protection protocols and other practices centered around these security concerns, the company is able to not only be compliant with the appropriate government regulations, but also better serve their clients and consumers.
Following proper protocols in these areas has numerous positive effects for all involved. One major benefit of the regulations is to ensure the security and confidentiality of customer records of information. Another is that they help to protect against anticipated security threats before they even occur. Subsequently, information is safeguarded against any unauthorized access by malicious third parties.
With the large degree of sensitive information required to pass through companies in the accounts receivable industry, it is imperative that such companies place a high priority on data security protocols. Such protocols serve to protect data and keep clients and customers safe from those who would seek to misuse it. However, even with the clear importance of such practices, there is a large degree of variability as to how those in the industry implement security protocols. By examining the procedures put in place by IC Systems for the evaluation and implementation of security practices, we are better able to see the ways in which the top performers in the field run their operations. This example is one that others would do well to follow in order to ensure greater degree of data security for all.
More about IC Systems at https://thenewsversion.com/2018/05/ic-systems-protects-consumers/
