New ISO/IEC 27001:2013 and PCI-DSS 3.1 Critical Compliance Certifications Strengthen Data Security Practices
Chanhassen, Minn. (July 28, 2015) — In order to enhance its data security practices, IWCO Direct, a leading provider of direct marketing solutions, has announced it has achieved ISO/IEC 27001:2013 certification through BSI. The company has also achieved Level 1 Payment Card Industry – Data Security Standard 3.1 (PCI DSS) compliance certification. These certifications extend to Mail-Gard®, a division of IWCO Direct which provides business continuity and disaster recovery services.
In 2013 IWCO Direct achieved ISO 27001:2005 and PCI DSS 2.0 certifications. Since then, both standards have been upgraded. To demonstrate its commitment to Continuous Improvement and data security, IWCO Direct devoted significant time and resources to updating and validating its practices to encompass the latest data security standards.
“Everyone understands the importance of data security, but many companies haven’t taken the necessary steps to ensure they are doing everything possible to protect client data,” stated Jim Andersen, CEO of IWCO Direct. “When evaluating potential business partners, we encourage all direct marketers to evaluate whether a company places as high a priority on protecting customer data, and the potential consequences if they don’t.”
About ISO/IEC 27001:2013
Developed by the International Organization for Standardization (ISO), ISO/IEC 27001:2013 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS).
IWCO Direct aggressively pursued certification through BSI due to the growing use of consumer data to drive relevancy and performance in direct mail campaigns. Since adopting the ISO best practice framework, IWCO Direct has continually maintained and enhanced its corporate information security management program and considers it an important competitive advantage.
To maintain its certification, IWCO Direct conducts regular internal and external audits to verify that its security practices remain in compliance with the standard, ensuring that information security remains integrated into the core of its business.
About PCI DSS 3.1
The PCI DSS standard is established by the PCI Security Standards Council, LLC, an open global forum responsible for the development, management, education and awareness of the PCI Data Security Standard (PCI DSS).
The new standard, released in April 2015, incorporates requirements added to address recent vulnerabilities, as well as recommendations for incorporating PCI DSS into everyday business processes, best practices for maintaining ongoing PCI DSS compliance, and enhanced testing procedures to clarify the level of validation expected for each requirement. Upon release of the new standard, IWCO Direct took immediate steps to comply with the update to support its client base in highly regulated industries. The latest audit, which must be performed annually to maintain certification, provided IWCO Direct a fresh look at its security controls and implementation methodologies.
By achieving this data management compliance in accordance with the highest security standards, founded and supported by major payment card brands, IWCO Direct underscores its commitment to ensuring it has the technology and processes in place to support its customers’ statement processing and financial mailings.