Student Loan Collector Becomes FISMA Certified

Regional Adjustment Bureau, Inc. (RAB) a leading provider of student loan collection services to guaranty agencies and universities, has announced it has received third-party certification of its compliance with the Federal Information Systems Management Act (FISMA) from Crimson Security. This certification reinforces the overall quality, management, and data security assurance RAB offers clients, which also includes Standards for Attestation Engagements (SSAE) No. 16 certification, International Organization for Standardization (ISO) certification 27001:2005, and Payment Card Industry (PCI) certification.

FISMA is the information security standard used by Federal agencies to include the U.S. Department of Education (ED). Compliance with FISMA is therefore also required of ED’s Private Collection Agencies (PCAs).  FISMA provides “a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets.”  RAB’s certification verifies its completion of activities related to the following.

• Privacy Impact Assessment

• Privacy Threshold Analysis

• Business Impact Analysis

• Configuration Management Plan

• Contingency Plan

• Disaster Recovery & IR Plans

• System Boundaries

• System Security Plan

• Self-Assessment Reporting

• POAM Reporting

RAB Executive Vice President Bob Pugh stated, “Knowing Crimson has also provided the same services to PCAs now working for ED, I am confident our systems infrastructure provides a level of security that should encourage all potential clients, including the Federal government, to consider RAB as a potential partner.”