iSAFE SECURED is a program designed to recognize businesses that go the extra mile to ensure that their customers' information is secure by improving the security and integrity of their own technology systems.
Customers who meet the minimum security specifications and requirements of the program shall be presented with an iSAFE Secured certificate and granted usage rights to the iSAFE Secured seal, so that they can display the awarded program logos and other information on their own web site or marketing materials.
Customer has an annual assessment of their network, systems and processes to verify controls are in place and operational, and to evaluate and identify any areas of weakness in their systems. PCI DSS 12.8.4, NIST 3.12.1
Customer has developed and enforces an acceptable use policy that applies to all employees and covers important security requirements, procedures and policies regarding the use of technology within the organization. PCI DSS 12.3
Customer utilizes a third-party email phishing platform to test employee awareness and provide training regarding email phishing attempts. PCI DSS 9.9.3, PCI DSS 12.6.1, NIST 3.2.3
Customer provides at least bi-annual training and communication of system security, policies, and processes. PCI DSS 9.9.3, PCI DSS 12.6.1, NIST 3.2.3
Customer utilizes multiple levels of data backup which include at least one on-site backup system that is physically secured, and one off-site backup system. PCI DSS 9.5.1, NIST 3.8.9
Employees are not allowed to install software or updates on network-connected devices. NIST 3.4.9
Customer utilizes web filtering technology to block access to known malicious sites and content to reduce the risk of malware exposure. NIST 3.4.8
Computers where sensitive data are stored are locked behind closed doors to prevent physical access to the machine. PCI DSS 9, NIST 3.8.1, 3.8.2, 3.10
Users of the network are identified by a strong username and password unique to each individual logging in. There are no shared logins. Inactive user accounts are removed within 90 days. PCI DSS 8, NIST 3.5.1, 3.5.2
Customer maintains secure systems and applications by ensuring that all security updates and patches are installed in a timely manner. PCI DSS 6, NIST 3.14.1
Customer does not transmit sensitive customer information or data over non-secure (unencrypted) networks. PCI DSS 4, NIST 3.1.13, 3.8.6
Customer has minimized or eliminated on-site cardholder data storage. Magnetic stripe, PIN, or CVC data is not stored on-site. Sensitive customer information is only accessible by authorized users with business-relevant access requirements. PCI DSS 3, PCI DSS 7, NIST 3.1.13, 3.8.6
All vendor-supplied default usernames and passwords have been changed on all network-connected hardware such as routers, switches, and access points to prevent unauthorized access and configuration changes. PCI DSS 2, NIST 3.5.7, 3.5.1, 3.5.2
Customer must have actively scanning and updated anti-virus software on all workstations and servers directly connected to the internal network. PCI DSS 5, NIST 3.14.2, 3.14.4, 3.14.5
Customer must have software firewalls on all servers and workstations enabled and blocking all unnecessary traffic between local workstations. PCI DSS 1, NIST 3.13.1, 3.13.5, 3.13.2
Customer must have a hardware firewall in place configured to block all unnecessary inbound traffic from the Internet. Line-of-business applications requiring external access must be justified in writing. PCI DSS 1, NIST 3.1.3, 3.1.18, 3.4.2, 3.4.3, 3.4.6, 3.13.1, 3.13.5
Would you like to qualify your business for the iSAFE SECURED program? Just fill out the form below and we’ll schedule a FREE consultation to determine your next steps toward becoming iSAFE SECURED!