TAMPA, FL – U.S. financial institutions, including banks, credit unions and alternative lending firms, should make it a practice to ask business borrowers managing consumer data if they have completed data security compliance exams as a precaution against a breach that could contribute to loan default.
“We know that a major data breach can bring a company to its knees financially, and potentially put it out of business,” said Eric Ratcliffe, Director at 360 Advanced, a nationwide IT assurance and compliance services firm providing integrated compliance solutions for business-to-business service providers. “High on the loan committee’s list of critical considerations should be whether a potential borrower in the consumer data management business has achieved third party data security compliance examinations. It’s just good due diligence given the current realties.”
Ratcliffe observed that commercial insurance carriers and underwriters are already offering better rates for clients managing consumer data if they have successfully completed a data security compliance audit. Many are requiring the exams as a condition before writing a policy. Typical examinations providing data security safeguards can include the Service Organization Controls (SOC) 1 and 2, Payment Card Industry (PCI) and the Health Insurance Portability and Accountability Act (HIPAA) standards.
According to the Verizon Data Breach Investigations Report, financial firms were hit with the most data breaches in 2015, with some 795 breaches, followed by the accommodation/hotel sector (282), information sector (194), public sector (193), retail (137), and healthcare (115).
ABOUT 360 ADVANCED
Known for its responsiveness, experience and professionalism, 360 Advanced has clients in more than 35 states that are major service providers in various industries, including cloud and SaaS based organizations. 360 Advanced is one of only a few specialized firms in the U.S. that assist service providers as their independent assessor in maintaining and communicating security and compliance to their clients.
360 Advanced’s services are provided, but not limited to, the following industries: Title Services, Hosted and Managed IT, Data Center and Colocation, Software as a Service (SaaS), Healthcare, Financial Services, Insurance, HR | Payroll | PEO, Legal and Collections, Bulk Mail Printing and Distribution, Background Screening, Business Process Outsourcing and Marketing. Services provided by 360 Advanced include SOC 1 (SSAE 16), SOC 2, SOC 3, PCI DSS, HIPAA Security/HITECH, Microsoft Vendor Policy and other security and compliance services. For more information, contact Eric Ratcliffe at eratcliffe@360advanced.com or visit www.360advanced.com.