Press Releases



SAN ANTONIO, TEXAS – March 20, 2008 -- Harland Clarke, a leading provider of integrated payment solutions, marketing services, technology, and business solutions to the financial services industry, recently received three AICPA SAS-70 Type II audits. The SAS-70 Type II audits verify that adequate controls and safeguards are in place for service organizations that have access to and process shareholder, client and customer data. The audits are widely considered the financial industry’s best practices standard, and are accepted and referenced by bank examiners, financial auditors and Securities and Exchange Commission (SEC) auditors.   

“The AICPA SAS-70 Type II audit is an integral part of Harland Clarke’s Corporate Information Security Program. The security controls are tested by an independent auditor, validating that security controls are in place and are functioning properly,” said John Petrie, chief information security officer at Harland Clarke, speaking on behalf of the security team.

Individual service auditor reports prepared in accordance with AICPA SAS-70 guidelines signifies that a service organization has had its control objectives and activities examined by an independent accounting and auditing firm. Identifying and evaluating relevant controls, the auditor gains an understanding of how a service organization provides transaction processing, data hosting, I/T infrastructure, or other data processing services, to its clients. The Type II report is more intense than a Type I report in that companies are required to provide descriptions of its controls as well as allow detailed testing of its controls during a minimum six-month period. Harland Clarke Receives SAS-70

The Harland Clarke evaluation utilized a unique methodology to define the control activities and objectives, driven by several standards and regulatory requirements for information and physical security including the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX) and the Federal Financial Institutions Examination Council (FFIEC). This methodology helps ensure that Harland Clarke’s information is secure and that the controls in place are those accepted and highly regarded by the financial services industry and federal regulators.

The benefits of receiving a SAS-70 Type II Audit recognition to a service organization is that the auditor’s report supports the building of trust with clients and their customers, and also helps to avoid the need to entertain multiple audit requests from other sources. This process identifies opportunities for improving operations within the service organization.  

“A successful SAS-70, Type II audit, coupled with a successful Cybertrust® Enterprise Certification, provides documented verification that Harland Clarke has a mature Risk Management Program,” said Brad Wheeless, Senior Vice President, Administrative Services for Harland Clarke.  “Our entire team works very hard to earn the trust of our clients in protecting the information of their customers.”

About Harland Clarke Corp.

Harland Clarke Corp. is a leading provider of integrated payment solutions, marketing services and technology solutions. It serves approximately 15,000 financial institutions, as well as major investment firms, business-to-business clients, small businesses, and individual consumers.  With its corporate headquarters in San Antonio, Texas and a regional headquarters in Decatur, Georgia, Harland Clarke employs approximately 5,800 people and has manufacturing and contact center facilities nationwide. Harland Clarke Corp. is a wholly-owned subsidiary of Harland Clarke Holdings Corp., which is also the parent company of Harland Financial Solutions Inc. and Scantron Corporation.