When sensitive data is breached for any reason, it can threaten the survivability of the organization. Database administrators are the protectors of their organization’s core data assets. They are tasked with ensuring that key data stores are safeguarded against any type of unauthorized data access. RDX understands that our customers have “turned over the keys” to their sensitive data stores to our organization. Our highest priority is to safeguard sensitive customer information. Our goal is to provide an unmatched level of security in our industry.
RDX's Industry Compliances - PCI DSS and SSAE 16 SOC 2
RDX provides 100% US-based support. We do not offshore or outsource any of our support services to third-party vendors. All of our database and OS professionals work directly out of our Pittsburgh, PA, and Charlotte, NC, service delivery centers. RDX’s staff is backed by a PCI DSS security compliant and SSAE 16 service quality certified monitoring and support infrastructure that has been continuously improved and enhanced over our 20-year history.
PCI DSS Compliance
Payment Card Industry Data Security Standard (PCI DSS) is a set of over 400 individual audit objectives designed to ensure that companies that process, store or transmit credit card information maintain a secure environment. RDX received its 4th PCI Attestation document in Q1 of 2016.
Service Organization Controls (SOC)
SOC reports are designed to help service organizations that provide information system services to other entities build trust and confidence in their service delivery processes and controls through a report by an independent certified public accountant. RDX received its 7th SOC report in Q1 of 2016.
PCI and SSAE 16 Compliances
Although RDX does not store or process any data for our customers, we understood that adhering to one of the most comprehensive security and privacy frameworks in the IT industry would allow us to create a strong foundation to build our security architecture upon. Becoming PCI compliant is yet another step in our ongoing corporate security strategy.
PCI is more than just a listing of arbitrary compliance objectives; it is a proven security process that helps organizations protect their data from outside attacks. The PCI Security Standards Council's audit requirements are continuously enhanced to deal with new threats as they are identified. The Council's goal is to continuously evolve its protection strategies to ensure that customer cardholder data continues to be protected.
RDX's PCI security audit is performed by Megaplan IT, a Qualified Security Assessor (QSA) company certified by the PCI Security Standards Council. RDX received its 5th PCI Attestation document in Q2 of 2017.
What is a Qualified Security Assessor (QSA)?
Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. QSA employees are individuals who are employed by a QSA company and have satisfied, and continue to satisfy, all QSA requirements.
SSAE 16 SOC 2 Type II Report
For calendar year 2017, RDX recently achieved its seventh SSAE 16 Service Quality Report. Service Organization Controls (SOC) reports are designed to help service organizations that provide information system services to other entities build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant.
RDX worked with an accredited, third-party SSAE 16 auditing firm to create a set of audit control objectives that best reflect the key service quality indicators that measure our operating effectiveness.
The audit control objectives included all activities related to physical and logical security controls, data privacy, organization and administration, vendor management, work request and ticket management, incident management, monitoring, installation and configuration.
SSAE 16 SOC 1 vs SOC 2 Reports
SOC reports demonstrate to clients that a service organization has effective internal controls and related safeguards in place. The reports provide valuable information users need to assess and address the risks associated with an outsourced service.
A SOC 2 report differs from a SOC 1 report in that, in addition to the control objectives defined by the service provider, it requires the organization to adhere to a set of industry-defined standards. The SOC 2 report addresses a service organization’s controls that relate to operations and compliance, as outlined by the AICPA’s Trust Services criteria for availability, security, processing integrity, confidentiality and privacy.
About MegaPlan IT
Megaplan IT specializes in security and compliance services. Their certified consultants assist companies to secure their environments and adhere to internal, industry and governmental standards and regulations.
About Schneider Downs
Schneider Downs is one of the 60 largest public accounting firms in the US. The firm provides top-tier accounting, business advisory and audit/assurance services, including IT audits for regulatory compliance.