Harland Clarke Home

Making News

Harland Clark's Information Security Program continues to distinguish itself


Harland Clarke Corp.’s Information Security Program has achieved recertification in two critical industry evaluations: the Payment Card Industry Data Security Standard (PCI DSS) and the Verizon Business Security Management Program (SMP) Cybertrust Certification. Harland Clarke also completed the annual American Institute on Certified Public Accounts (AICPA) Statement of Auditing Standards Number 70 (SAS-70), Type II audit. The widely recognized certifications and audit help ensure the protection of credit card and consumer information. All three are considered essential for organizations entrusted with financial data.

Harland Clarke's Information Security Program Strategy illustration

“At Harland Clarke, information security is considered a core competency,” says President and Chief Operating Officer Dan Singleton. “Our Information Security Program is based on proven standards, with fundamentals driven by risk management decisions made at the executive level. This level of oversight and commitment is what our clients and their account holders deserve.”

Harland Clarke’s information security effort is led by Chief Information Security Officer John Petrie, CISSP, CISM, CHS-III. Under Petrie’s direction, the company built the program using Harland Clarke’s enterprise-wide quality processes, linking security and risk mitigation decision processes to the organization’s operating plan and strategic growth goals, then ingraining security into the mind-set of employees. Petrie also committed senior-level information security professionals to client-facing roles, further strengthening the support Harland Clarke provides its clients’ organizations. “With an experienced team of in-house information security professionals, Harland Clarke is able to maintain a standards-based program that transfers the overall risk across multiple security areas. This gives our clients the confidence to share their risk with us,” notes Petrie.

Upon its completion of a recent security audit of Harland Clarke, one of the company’s largest financial institution clients commented, “I found no critical issues and assessed that Harland Clarke had a well-documented, mature security program, and that the processes supporting the program were sound.” Harland Clarke’s ongoing investment in its integrated Information Security Program helps ensure its controls are effective and functioning, and that risk is reviewed and mitigated to acceptable levels. The in-house staff of experienced information security professionals sets the program’s standards with the goal of not only meeting industry criteria, but exceeding them.

Harland Clarke Marketing Services’ production and printing facility located in Baltimore, Maryland, was again certified by Visa® using the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. When awarded its first certification in early 2007 following a year-long evaluation process, Harland Clarke Marketing Services was one of the first financial services direct marketing firms to meet all of the PCI DSS requirements. It is one of the few certified direct marketing companies specializing in the financial services industry, as well as one of the few direct marketing firms doing its own print production, that has achieved this security certification.

For the fourth consecutive year, Harland Clarke received the Cybertrust Enterprise Certification for its Dallas and San Antonio manufacturing operations. The coveted Verizon Business SMP Cybertrust Certification demonstrates an organization’s continued commitment to security assurance practices. It helps companies reduce risk by reviewing their information security measures and addressing a broad range of security needs, from network and system analysis to security policy inspection. Harland Clarke has expanded this critical program to other locations, achieving Enterprise Certifications at its Chicago and Nashville fulfillment center locations, and most recently its Baltimore Marketing Services location. The company also completed its annual AICPA SAS-70, Type II audit conducted by PriceWaterhouseCoopers, a tier-one independent auditing firm. The SAS-70 Type II audits verify that adequate controls and safeguards are in place for service organizations that have access to and process shareholder, client and customer data. The audits are widely considered the financial industry’s best practices standard, and are accepted and referenced by bank examiners, financial auditors, and Securities and Exchange Commission auditors. For the first time, the Harland Clarke Information Security program and its defense-in-depth, layered security strategy was evaluated by the Department of the Treasury, Office of the Comptroller of the Currency, and found to be a risk-based, mature program that meets the standards set forth by the Federal Financial Institutions Examination Council.