SECURITY

COMPLIANCE

Fortitude Technology is PCI Certified. We undergo annual third party audits ensuring that we are taking the steps to ensure we are doing our jobs, following the standards that are set by the PCI SSC.

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while compliance with the PCI Security Standards is enforced by the payment card brands. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

(SSAE) 16 Statement on Standards for Attestation Engagements is an auditing standard for service organizations, superseding SAS 70. The latter’s “service auditor’s examination” is replaced by a “Service Organization Controls” (SOC) report. SSAE 16 was issued in April 2010, and became effective in June 2011; many organizations which followed SAS 70 have now shifted to SSAE 16.
SSAE 16 reporting can help service organizations comply with Sarbanes Oxley‘s requirement (section 404) to show effective internal controls covering financial reporting.[3] It can also be applied to datacenters, or any other service that might be used in the delivery of financial reporting.

Fortitude Technology will work with you to ensure that your infrastructure and network are meeting the necessary requirements for such regulations as the Federal Financial Institutions Examination Council (FFIEC), Health Information Technology for Economic and Clinical Health (HITECH), Health Insurance Portability and Accountability Act (HIPAA), Data Security Standards (DSS), Gramm-Leach Bliley Act (GLBA), Federal Information Security Management Act (FISMA) & others.