Regulatory & Compliance

GDR Security Standards

Security of consumer information is our highest priority. Global Debt Registry's in-house PCI-DSS consulting group has designed and implemented a detailed, multi-level architecture built to the meet and exceed PCI DSS standards from the ground up. Because of our stringent security model, Global Debt Registry also meets or exceeds regulatory standards such as Sarbanes Oxley, Gramm-Leach-Bliley, HIPAA or industry guidelines such as ISO 27001 and SAS70 I & II.

GDR Security Policies

GDR is committed to protecting data entrusted to us by our Clients. Data that is received, stored, and/or transmitted often contains information that has been deemed confidential under federal and/or state regulations. Industry requirements such as the Payment Card Industry Data Security Standard require GDR to protect confidential data; specifically cardholder data. GDR is committed to meeting both regulatory and industry requirements for the protection of confidential data.

GDR has documented its commitment to data security through a detailed and extensive set of policy statements. These policy statements define the business rules at GDR for meeting federal, state, and industry requirements for protecting confidential data. The following are a sampling of security practices that are in place to protect confidential data:

Physical Security. GDR's network is located in a data center which meets and/or exceeds the payment card industry standards for physical security.

Employee Background Checks. All GDR employees go through extensive background checks which include employment verification, education verification, reference verification, credit checks.

User Authentication. All access to data is only allowed through fully authenticated and authorized users. GDR uses multiple authentication schemes including the use of third parties (where appropriate) to verify the identity of users during the enrollment process. Access is only allowed to confidential data after the user is authenticated through multiple factors.

Logical Data Segregation. All account data is logically segregated at the portfolio level. Users can only access portfolios and GDR generated reports where they are the registered owner of the account/portfolio or have been authorized to access the data by the registered owner of the account/portfolio.

No Direct Access to Data. Once data has been submitted to GDR, no party except GDR has direct access to the data. When requests for confidential data are submitted to GDR, GDR retrieves the data and places the data in a staging area dedicated to a particular Client for pick up by the authorized requesting user.

Encryption. Extensive use of strong encryption schemas is in place to protect data at rest and data in transit.

Structured Change Control. A structured change management program is in place which ensures only authorized change is permitted to systems which impact confidential data.

Extensive Real Time Performance and Security Monitoring. Network monitoring tools constantly benchmark mission critical devices against expected performance norms. Intrusion Detection solutions (including network firewalls, application firewalls, host and network based intrusion detection systems, and log monitoring) are vigilantly monitoring for security events. And, all this is monitored by Solutionary and a fully staffed network operations center, 24 hours a day/365 days a year.

Internal Verification of Security Functions. GDR regularly tests its security practices to ensure they are in line with our own security policies. This validation process extends to both GDR's vendors and GDR's data trading partners.

External Verification of Security Functions. Third parties verify on a regular basis the data which GDR secures. This includes daily third party vulnerability scanning, annual third party penetration testing, and an annual third party audit/assessment of security policies and practices.

These are but a few of the security measures which have been put in place to protect confidential data which has been entrusted with GDR.