When given the option of building a foundation on rock or sand, the choice for most would be clear. In an age of increasing threats to information security—particularly for financial institutions and the account holders who rely on them—partnering with Harland Clarke is like settling on a bedrock of trust.
That is because we have made a commitment to information protection, along with the substantial investment in time, effort and financial resources that it takes to follow through on it. Whether printing checks or providing marketing services, Harland Clarke offers the highest level of protection possible for all the information with which it is entrusted.
Our meticulous security standards and processes are employed in four key areas:
Harland Clarke maintains a state-of-the-art information technology infrastructure, with strict internal controls over user access. The system is analyzed on an ongoing basis for security improvements and enhancements. Among other features, it provides:
We have extensive protective measures in place to secure all our physical locations. Harland Clarke’s direct marketing facilities utilize security measures that include:
Harland Clarke maintains compliance with state and federal regulations such as Gramm-Leach-Bliley (GLB) and Sarbanes-Oxley (SOX). In addition, through third-party auditing firms such as Deloitte & Touche, PricewaterhouseCoopers and Ernst & Young, Harland Clarke has earned SOX and GLB certifications, both of which are subject to annual audits. We also adhere to the Statement on Auditing Standards No. 70, Services Organizations (SAS 70). This auditing standard, recognized internationally, certifies that a service organization has been through an in-depth audit of its control activities, including controls over information and related processes.
Vendor Risk Assessment Programs
To ensure all vendors engaged with Harland Clarke are in compliance with applicable regulations and to provide the highest level of security possible, our internal information technology department conducts a thorough on-site audit and risk assessment annually for each vendor. Not all financial institutions have such controls. In fact, with many of the outsourcers that financial institutions rely on for their fulfillment needs, the financial institution has limited visibility as to where its customers’ data is distributed—or what security measures, if any, are in place. With Harland Clarke’s thorough security controls at each point of the fulfillment process, our clients can feel at ease knowing their data is secure with us.
A dedicated security department, led by the chief security officer and the chief information security officer, oversees all aspects of Harland Clarke’s data security efforts. This department has specific accountability for developing enterprise-wide
security policies and procedures, and for ensuring that they are standardized and adhered to across all Harland Clarke organizations. Further, the security officers are responsible for overseeing the stringent audits that are conducted by many of the largest financial institutions in the industry.
As part of the ongoing, proactive effort to enhance data security, Harland Clarke is finalizing requirements to obtain the Payment Card Industry Data Security Standard (PCI DSS) certification. Created by major credit card companies to help facilitate the broad adoption of consistent data security measures on a global basis, all organizations that process credit cards or otherwise handle credit card data are supposed to be PCI DSS compliant. If they are not, they risk losing the ability to process cards, along with a significant portion of their organizational revenue. However, the certification process is strenuous, and when Harland Clarke receives its certification, it will be one of a select few service providers to have completed the process.
In addition, once it receives the initial PCI certification, Harland Clarke will be audited annually by a third-party firm. Visa must approve this re-certification each year for all service providers if they are to maintain their PCI-certified status.
To obtain and maintain certification, companies must adhere to 12 requirements contained within the following six PCI DSS principles:
For more than 100 years, Harland Clarke has been helping financial institutions succeed, earning their trust in the process. Security is a priority at Harland Clarke, and one we take seriously—on behalf of all the clients we serve.
To learn more about Harland Clarke’s rigorous approach to information security, contact your local Harland Clarke account executive today.