Bedford, Mass. – SoundBite Communications, Inc. (NASDAQ: SDBT), a leading provider of on-demand, multi-channel proactive customer communications, today announced its re-certification as a Level 1 Service Provider compliant with the Payment Card Industry Data Security Standard (PCI DSS).  This marks the third consecutive year that SoundBite has been PCI certified as a Level 1 service provider.  The full list of service providers is available here.

PCI DSS is the industry standard for any merchant or service provider that processes, stores, or transmits cardholder data.  Organizations that outsource the processing of cardholder information, including financial institutions, credit card issuers, retailers and other secure enterprises, require that their service providers go through the rigorous PCI certification process.  These organizations may fall out of compliance themselves if they do business with non-certified service providers.

Level 1 service providers, such as SoundBite, must successfully undergo a stringent, on-site PCI data security assessment conducted by an independent Qualified Security Assessor.  This is the most rigorous level of validation available under the PCI Data Security Standard.  In order to achieve PCI certification, a service provider must demonstrate that it has information security controls, procedures and technology in place that effectively meet all of the PCI requirements across 12 control areas.  Consistently achieving PCI recertification year after year requires operational maturity and continued evidence of success within an information security program.

SoundBite’s Information Security Program is based on industry best practices and recognized standards such as ISO 27002 and NIST 800-53 and includes an annual PCI recertification process.  This comprehensive approach ensures that safeguards are in place to protect information entrusted to SoundBite by all of its clients, not only those with a requirement for PCI certification.

“Businesses have zero tolerance for exposing their customers to increased threats of credit card fraud and identity theft,” said John Nye, Director of Information Security and Compliance at SoundBite Communications.  “The only way for an organization to demonstrate publicly that it is PCI compliant is to achieve PCI certification as validated by a Qualified Security Assessor.  A comprehensive information security program that includes this stringent PCI certification process helps businesses reduce their risks and maintain their PCI compliance.”

In addition to its annual PCI certification, SoundBite routinely submits to external audits of its policies, controls and processes on behalf of its clients.  In 2010, SoundBite participated in more than 27 external security audits on behalf of financial institutions, retailers, insurance, healthcare, telecommunications and energy providers.  It also received an unqualified opinion in a Statement on Auditing Standards No. 70 (SAS 70) Type II auditor’s report.  A SAS 70 Type II auditor’s report is based on an in-depth audit of internal and external control activities.  This annual report helps assure clients that SoundBite has practices in place to protect client data.  Specifically, a Type II report contains an opinion not only on a company’s description and design of controls, but also on the effectiveness of the controls in providing reasonable assurance that control objectives were met.

