NRA Achieves SAS 70 TYPE II Certification for Secure, Reliable, Effective IT Services

NRA Group, LLC., d/b/a National Recovery Agency, a leading provider in Revenue Recovery - Collection Services to the financial industry since its formation in 2005, released today that it has successfully renewed its SAS70 Certification.  The audit was conducted by SF&Company and covered all key operational areas of the organization. The audit required six months of rigorous testing which indicates controls are in place and properly being followed. SAS 70 Type II audits require annual testing and are more comprehensive than SAS 70 Type I audits, which are limited to reporting on an organization's controls at one moment in time.  

Steven C. Kusic, Chief Executive Officer commented: “The completion of the SAS70 process sends the clear message to all of our clientele that NRA has taken every precaution in ensuring the confidentiality and security of our customers’ sensitive data, and that we have minimized any potential risk exposure.  While this process was long and tedious, it was beneficial to our internal processes as well as to our client’s interests."

Through this intense certification process, the Company’s technology platform and operational processes are tested and must adhere to strict industry standards, as verified by an independent auditor. This certification provides customers with the assurance that their data is properly managed and in compliance at all times with the best practices available in the industry.  

Statement on Auditing Standards (SAS) No.70 is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit validates that a service organization has completed an in-depth audit of their control activities, which include controls over information technology processes. A Type I report describes the service organization's description of controls at a specific point in time. A Type II report not only includes a description of controls, but also includes detailed testing of those controls over a minimum six month period.

SAS 70 was created in 1998, but received wide spread adoption after the Sarbanes-Oxley Act of 2002. Developed as a direct response to the corporate scandals of 2001-2002, Sarbanes-Oxley requires dramatic increases in institutional control from publicly traded companies.

NRA further assists clients in their compliance efforts concerning the Healthcare Insurance Portability and Accountability Act and the Gramm-Leach Bliley Act since the agency has:

Completed audits to be a Certified Agency through ACA's Professional Practices Management System (PPMS) program. Certification recognizes ethically responsible quality control and legally compliant agencies.

Completed a Payment Card Industry Data Security Systems (PCI – DSS)  audit for companies that accept and store credit card information.

To learn more about NRA, please visit NRA’s website at www.nationalrecovery.com