Committed to
Doing it Right

Compliance & Security

Security is Our Top Priority.
The security of our clients’ data is our top priority at D&A Services, LLC (D&A). Our facilities and systems exceed the requirements for SSAE 18 Type II, PCI-DSS, and ISO 27001 standards and we participate in regular audits to validate our policies, procedures, and systems. 

We operate on state-of-the-art technology platforms that keep us compliant with information security requirements for large organizations and all state and federal regulations. Our advanced central administration system assists with the management of all our security policies and access privileges. 

As our technology footprint expands across environments, partners and endpoints, security solutions such as cyberthreat mitigation and real-time monitoring are paramount. The D&A team is trained on security policies to keep our facilities and your data safe. We provide training to enhance our team’s understanding of modern security risks, including social engineering attacks, phishing schemes, brute force attacks and more.


The AICPA Auditing Standards Board (ASB) issued Statements for Attestation Engagements (SSAE) No. 18, Attestation Standards, Clarification and Recodification in April 2016. It will be effective for examination, review and agreed-upon reports dated on or after May 1, 2017.

PCI DSS Compliant

The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

ISO 27001

ISO 27001 is an information security standard that was published on the 25th of September 2013. [1] It supersedes ISO/IEC 27001:2005 and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.[2] It is a specification for an information security management system (ISMS).

Important State Consumer Disclosures:

The disclosure(s) contained within this link only apply to you, the Consumer, if you reside in the respective State/City listed.

Privacy Policy Notices:

The disclosure(s) contained within this link contain D&A Services General Privacy Policy. The disclosure(s) contained within this link contain D&A Services Privacy Policy for the State of California.

Skip to content