We at Senior Systems encourage our customers to become informed and involved when it comes to data security.
This article is Part 2 in a series about PCI Compliance, discussing what we’ve been doing recently here at Senior Systems to become certified as PCI Compliant, and what that means to your school. As mentioned in PCI Compliance at Senior Systems Part 1, Senior Systems is considered a ‘service provider’, for the purposes of PCI Data Security Standards, meaning that our applications can transmit data about financial transactions to merchant account payment processors, but cannot store certain details such as the full credit card number in the database. As such, we have undertaken a thorough review of all of our systems, hardware, policies, and procedures, to ensure that we are a fully PCI Compliant Service Provider.
Here are just a few of the tasks we have completed as part of this important, company-wide initiative:
- Purchased new hardware and software for our Ascendance Cloud data center, to prevent and monitor for external threats
- Updated system software to apply the most up-to-date security patches (3 Ascendance Cloud maintenance sessions were scheduled in recent months to complete this task)
- With version 92_4 of the Ascendance applications, ensured removal of any stored credit card numbers, and continued to store but encrypted Social Security Numbers within the database (see Security Release Bulletin for more details)
- With version 92_4 of My BackPack, made the password assignment and reset processes more secure, so that passwords can only be set by users themselves, and are not stored in the database
- Undergone 3rd party penetration testing for Ascendance Cloud services and our internal networks
- Tightened internal data access, policies, and procedures to further protect facilities and sensitive customer data
And most importantly, PCI Compliance is not a “one and done” project–we’ve also set up an ongoing monitoring and review process, so that we can continue to assess and respond to emerging threats, new technologies, and best practice recommendations.
So what does all this mean for your school? It means that you can be even more confident that your data is safe and secure if you are using our Ascendance Cloud services. It does NOT mean that your school is ‘PCI Compliant’, since there are many additional requirements that your school would have to meet for that designation, but it DOES mean that your Senior Systems Ascendance and My BackPack applications would not present any vulnerabilities or obstacles, should your school decide to embark on its own PCI Compliance effort.
We’ll be sure to keep you updated from time to time as the data security landscape continues to evolve.
