Global Debt Registry Regulatory Compliance, General Debt and Mortgage Debt Services
GDR Security Standards
Security of consumer information is our highest priority. GDR has designed and implemented a detailed, multi-level infrastructure architecture solution built to meet certified PCI-DSS standards. Because of GDR’s stringent security model, Global Debt Registry also meets or exceeds regulatory standards such as Sarbanes-Oxley, Gramm-Leach-Bliley, and HIPAA, and industry guidelines such as ISO 27002 and SSAE 16. In addition, our platform is VISA-CISP certified.
GDR Security Policies
GDR is committed to protecting data entrusted to us by our clients. Data that is received, stored, and/or transmitted often contains information that has been deemed confidential under federal and/or state regulations. Industry requirements such as the Payment Card Industry Data Security Standard, GLBA, FTC Act, and state privacy regulations require GDR to protect confidential data, specifically cardholder data. GDR is committed to meeting both regulatory and industry requirements for the protection of confidential data.
GDR has documented its commitment to data security through a detailed and extensive information security program. This program defines GDR’s information security policies and practices for meeting federal, state, and industry requirements for protecting confidential consumer data. The following is a sampling of the security practices that are in place to protect confidential data:
Physical Security. GDR's network is located in a data center that meets and/or exceeds the payment card industry standards for physical security.
Employee Background Checks. All GDR employees go through criminal background checks and extensive background checks that include employment verification, education verification, reference verification, and credit checks.
User Authentication. All access to data is allowed only through fully authenticated and authorized users. GDR uses multiple authentication schemes, including the use of third parties (where appropriate), to verify the identity of users during the enrollment process. Access to confidential data is allowed only after the user is authenticated through multiple factors.
Logical Data Segregation. All account data is logically segregated at the portfolio level. Users can only access portfolios and GDR generated reports where they are the registered owner of the account/portfolio or have been authorized to access the data by the registered owner of the account/portfolio.
No Direct Access to Data. Once data has been submitted to GDR, no party except GDR has direct access to the data. When requests for confidential data are submitted to GDR, GDR retrieves the data and places it in a staging area dedicated to a particular Client for pickup by the authorized requesting user.
Encryption. Extensive use of strong encryption schemes is in place to protect data at rest and data in transit.
Structured Change Control. A structured change management program is in place, which ensures that only authorized changes are permitted to systems that impact confidential data.
Extensive Real Time Performance and Security Monitoring. Network monitoring tools constantly benchmark mission-critical devices against expected performance norms. Intrusion detection solutions (including network firewalls, application firewalls, host- and network-based intrusion detection systems, and log monitoring) vigilantly monitor for security events. All of this is monitored by a third-party security monitoring firm in a fully staffed security operations center, 24 hours a day, 365 days a year.
Internal Verification of Security Functions. GDR regularly tests its own security practices to ensure they are in compliance with regulatory requirements. This validation process extends to both GDR's vendors and GDR's data trading partners.
External Verification of Security Functions. Third parties regularly verify the data that GDR secures. This includes daily third-party vulnerability scanning, annual third-party penetration testing, and at least one third-party audit/assessment of security policies and practices annually.
These are but a few of the security measures that have been put in place to protect confidential data entrusted to GDR.