PRS COMPANY
CASE STUDY: #826
$150 BILLION CONSUMER CREDIT CARD FINANCIER
CREDIT CARD FINANCIER CASE STUDY JANUARY 2010
Compliance & Security:
ISO27002 CERTIFICATION TO MANAGE & PROTECT DATA
PRS is an ISO 27002 certified company. ISO 27002 is a set of information security controls describing “best practices in information security”. We selected and implemented these controls as a security strategy to safeguard our clients’ and their customers’ information. We have established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within our organization. We adopted the ISO certification with the intent to address any specific requirements relating to a formal risk assessment and to enhance the policies and procedures already documented. ISO 27002 is also intended to provide a guide for the further development of “organizational security standards and effective security management practices”. We believe these best practices will help build confidence in our internal and external organizational activities.
CERTIFICATION SAS 70 Type II
PRS continues to build on the quality of its security. A variety of government compliance regulations have been created over the past several years, including the standards imposed by the Sarbanes-Oxley Act of 2002, which requires many businesses and all U.S. public companies to maintain increased, unremitting vigilance over their internal controls, customer privacy and data security. PRS identifies SAS 70 as the most widely recognized professional auditing standard; it represents the professional guidelines that CPAs (certified public accountants) must follow when conducting audits.
SAS 70 Type II compliance signifies the most stringent form of professional examination: it certifies that a hosting provider has had its control objectives and control activities examined by a qualified, independent accounting and auditing firm. We trust that SAS 70 Type II adherence demonstrates that PRS maintains adequate processes and safeguards when it hosts or processes customer data.
MANAGING YOUR DATA
When you submit consumer information to PRS electronically, it is encrypted through our online portal, which is hosted in our building. This information remains encrypted in the database and is password protected, accessible only to authorized personnel. Expired information is destroyed through a formal disposal protocol.
ENVIRONMENTAL CONTROLS
Your information is monitored by on-site personnel 24 hours a day, 7 days a week. The environment is protected by an FM-200 fire suppression system, with water detection and separate temperature control. If information is lost or damaged in a disaster, PRS maintains a hot site that will restore all systems within three hours or less.
EMPLOYEE PROTOCOL
All employees undergo a formal security awareness program. Background checks are performed and a clean desk policy is strictly enforced. The PRS environment is friendly; however, due to the sensitive nature of your information, no cell phones or personal data devices are allowed on the collection floor.
FACILITY CCTV/DVR
The PRS data and operational facility is video recorded for four months, and the tapes are stored off-site. Cameras are placed throughout the building: on the collection floor, at the data entrance and in the accounting department.
GLBA
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, provides limited privacy protections against the sale of your private financial information. Additionally, the GLBA codifies protections against pretexting, the practice of obtaining personal information under false pretenses.
Licensed in all states
Each state has its own set of laws pertaining to debt collection. However, not every state requires a license to conduct collection activity. PRS maintains a certificate of authority to transact business in all U.S. states that require certification.
SECURITY
PRS takes pride in its established security policies and procedures.
Our CSO provides 24/7 monitoring using our CCTV system. The footage is recorded to DVR and retained for 4 months. We enforce a policy of no cell phones or recording devices. We also maintain a clean desk policy and provide secured shredder bins for disposal. Our collectors and managers participate in a security awareness / privacy protection seminar conducted by our Officer of Compliance, and they are tested semi-annually on these basic principles.
PCI
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around cardholder data and its exposure to compromise. The standard applies to all organizations that hold, process, or transmit cardholder information from any card bearing the logo of one of the card brands.