WIXOM, Mich. -- RevSpring has again maintained its commitment to security and compliance by successfully meeting the necessary criteria to complete the AT 101 SOC 2 Type 2 audit under the American Institute of Certified Public Accountants (AICPA) guidelines. RevSpring has also completed PCI DSS 3.2 certification.

Benefits of completing SOC 2 include:

  • Improved standing with customers focused on privacy and confidentiality
  • Insight into best practices with regard to security controls and established procedures
  • More comprehensive awareness for management and its impact on risk assessment

The SOC 2 examination conducted by Auditwerx, a leading provider of CPA auditor assurance engagements, included a second auditor this year to ensure sufficient separation of duties. The audit provided a thorough review of RevSpring’s policies and practices in the following areas:

  • Security:  The system is protected against unauthorized access (both physical and logical).
  • Availability:  The system is available for operation and use as committed or agreed.
  • Processing Integrity:  System processing is complete, accurate, timely, and authorized.
  • Confidentiality:  Information designated as confidential is protected as committed or agreed. 

The PCI DSS v3.2 audit was conducted by Solutionary. A fundamental component of RevSpring’s certification is the decommissioning of TLS 1.0, a key part of the company’s strategic plan for 2017.

RevSpring has also completed the third-party assessment against additional security and privacy standards to ensure its continued position as an industry leader. The regulations that RevSpring had their security controls assessed against include the following:

  • HIPAA/HITECH (Health Insurance Portability and Accountability Act of 1996)
  • ISO 27001:2013 (Information Security Management Systems)
  • NIST 800-53 R4 (Federal Information Security Management Act of 2002)
  • GLBA (Financial Services Modernization Act of 1999)
  • MASS 201 (Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth)
  • NRS 603A (Nevada Security of Personal Information)

“RevSpring is dedicated to achieving the highest level of internal controls and compliance standards throughout operations,” said Peter David, RevSpring’s chief security officer. “Annually completing these valuable audits confirms the importance we place in our compliance program.”

About RevSpring
RevSpring facilitates over one billion customer interactions annually, serving more than 2,000 clients across the accounts receivables management, healthcare, financial services, and other end-markets. RevSpring’s billing and consumer communication platform allows organizations to receive payments faster with more communication options, including mail, web, text, and phone. In addition, RevSpring improves the workflow, design and distribution of consumer communications to make interactions more impactful, meaningful, and effective. For more information, visit www.revspringinc.com.


Heather Taylor                                                                                   

Next Article: Best Call Centers to Work For Participation ...

For more from RevSpring, visit their blog