Compliance & Security
The security of our clients’ data is our top priority at D&A Services, LLC (D&A). Our facilities and systems exceed the requirements for SSAE 18 Type II, PCI DSS, and ISO 27001 certifications, and we participate in regular audits to validate our policies, procedures, and systems.
We operate on state-of-the-art technology platforms that keep us compliant with information security requirements for large organizations and all state and federal regulations. Our advanced central administration system assists with the management of all our security policies and access privileges.
As our technology footprint expands across environments, partners and endpoints, security solutions such as cyberthreat mitigation and real-time monitoring are paramount. The D&A team is trained on security policies to keep our facilities and your data safe. We provide training to enhance our team’s understanding of modern security risks, including social engineering attacks, phishing schemes, brute force attacks and more.
The AICPA Auditing Standards Board (ASB) issued Statements for Attestation Engagements (SSAE) No. 18, Attestation Standards, Clarification and Recodification in April 2016. It will be effective for examination, review and agreed-upon reports dated on or after May 1, 2017.
PCI DSS Certified
The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.
ISO 27001 is an information security standard that was published on the 25th of September 2013. It supersedes ISO/IEC 27001:2005 and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. It is a specification for an information security management system (ISMS). Organizations that meet the standard may gain an official certification issued by an independent and accredited certification body on successful completion of a formal audit process.
Important State Consumer Disclosures:
The disclosure(s) contained within this link only apply to you, the Consumer, if you reside in the respective State/City listed.