How confident are you that customer information passed to your due diligence service provider is handled with care? What does it mean to be accredited with a ISAE3000 certification? Find out why it is imperative to trust your due diligence service provider.
- Serious data protection infringements under the EU’s GDPR are punishable by fines of up to 4% of annual global turnover or 20 million euros, whichever is higher.
- The recent Cisco 2017 Cybersecurity Report, which found that 22% of organizations affected by cyber security breaches lost customers, with 40% of them losing more than a fifth of their customer base.
- Our Enhanced Due Diligence (EDD) is accredited with ISAE3000 certification by PwC.
- With the EDD Ordering platform, you will not need to send sensitive information by email to request background checks of heightened risk customers or third-parties.
Regulators around the world are sending a clear message — personal data needs to be protected and handled with secure measures in place.
From this year, for example, serious data protection infringements under the EU’s GDPR are punishable by fines of up to 4% of annual global turnover or 20 million euros, whichever is higher.
But the impact is much more than just financial; as firms also suffer a loss of customer confidence if they breach the security obligations and standards they agree to put in place.
This was highlighted in the recent Cisco 2017 Cybersecurity Report, which found that 22% of organizations affected by cyber security breaches lost customers, with 40% of them losing more than a fifth of their customer base.
The report, which involved nearly 3,000 Chief Security Officers and security executives, also found that 29% lost revenue as a consequence, with 38% of that group losing more than a fifth of their revenue.
Cisco said that 23% of breached organizations also lost business opportunities, with 42% of them giving up more than a fifth of such opportunities.
Due diligence security
Estimates indicate that as many as 63% of data breaches are traced back to a third-party vendor.
This illustrates the serious implications for the privacy of customers, partners, agents and distributors when you provide their data to your due diligence service provider.
How do you know who accesses personal information when you request the background checks?
And do you know where the data is stored and how exactly it is used to gather the contextual information?
Secure data protection
Our Enhanced Due Diligence is accredited with ISAE3000 certification by PwC.
This confirms that our EDD adheres to the regulations regarding the protection of sensitive customer information.
Our EDD data is hosted in ISO/IEC 27001 and SOC2 certified data centers with disaster recovery plans in place.
All sensitive traffic passes through fully encrypted network communication via HTTPS.
Regular security scans
With the EDD Ordering platform, you will not need to send sensitive information by email to request background checks of heightened risk customers or third-parties.
What’s more, with the API you can request and receive the checks directly through your own internally secure system.
Security scans are completed on a regular basis so that vulnerabilities are detected and remediated. Scans are done over the infrastructure, on the application as well as having a third-party run penetration tests.
All our EDD staff work on fully encrypted devices, undergo pre-employment background screening, security awareness training and are obligated to comply with our Employee Code of Business Conduct and Ethics.
