At TSI, data security starts with FISMA.
You’ve seen the data security breaches: Dun & Bradstreet, Democratic National Committee, Equifax, Internal Revenue Service, Sony, Yahoo – and more.
According to 24/7 Wall Street, there were nearly 250 publicized data security breaches in 2017 alone, with more than one million private records exposed.
If you’re not worried about how your vendors are handling cyber security, you’ve not been paying attention. For that matter, when was the last time you conducted a security audit of your on-premises servers?
This article is the second in a series explaining TSI’s efforts to ensure cyber security and protect our clients’ information (our first post, on HIPAA compliance, is linked here). The series seeks to explain the requirements of the standards with which TSI complies.
In this article, we’ll look at how complying with the FISMA requirements is just the latest in a long list of cyber security procedures designed to keep your critical data safe.
Data Security Compliance and FISMA
We know that no industry is exempt from hackers. The Credit Union Times broke down this year’s cyber security breaches by service category:
- Business 61%
- Healthcare 24.3%
- Education 8.7%
- Financial 4.2%
- Government 1.7%
The receivables that a debt recovery firm handles can come from any of these industries. One category that is certainly at risk is the government and military sector. Congress enacted the Federal Information Security Management Act of 2002 (FISMA) to govern how federal information is protected. Debt collection agencies that handle federal receivables must comply with FISMA, which defines information security as “protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability.”
When was the last time you conducted an IT security audit of your third-party debt recovery firm?
FISMA compliance is mandated for every federal agency, for the contractors that operate systems or handle information on an agency’s behalf, and for state agencies that administer federal programs, including student loans, Medicare, and Medicaid.
TSI has achieved FISMA compliance not only because it is a gold standard for cyber security, but also because our work includes debt recovery for student loans, departments of revenue, and past-due healthcare accounts. While the FISMA mandate came as a shock to other third-party vendors who didn’t realize their work fell under it, TSI was an early adopter. This means our cyber security protocols include:
- Maintaining an up-to-date inventory and categorization of all information systems, including the interfaces between our clients’ systems and TSI’s information architecture.
- Maintaining an active system security plan that is regularly updated to reflect current threats.
- Implementing security controls that meet or exceed the FISMA baseline (the NIST SP 800-53 controls selected under FIPS 200).
- Conducting regular risk assessments to validate that those controls are working and that FISMA compliance is maintained.
- Maintaining current FISMA certification and accreditation (now called authorization under the NIST Risk Management Framework) through regular reviews of TSI’s protocols and IT architecture.
- Continuously monitoring security controls, system configurations and components around the clock, and reporting on their status.
Encrypting data both in transit and at rest is a high cyber security priority for TSI, and it adds a layer of protection beyond the security controls that cloud service providers offer on their own. While FISMA compliance requires strict cyber security standards, it is only one of the regulatory compliance standards that TSI meets.
To find out more about TSI’s efforts to maintain your data security, contact us.