mail@gemini-theme.com
+ 001 0231 123 32
All demo content is for sample purposes only, intended to represent a live site. Please use the RocketLauncher to install an equivalent of the demo, all images will be replaced with sample images.
NDB provides comprehensive Experian EI3PA assessments for service providers that store, process, an/or transmit Experian provided data. Experian shares data with thousands of businesses throughout the world, and as such, they demand that these very businesses undertake annual EI3PA compliance assessments. Modeled after the PCI DSS standards, Experian’s EI3PA framework is comprehensive, challenging, and can take quite some time to complete. What’s needed is an expert assessor with years of experience working with Experian’s EI3PA framework, and that’s exactly what NDB offers. Call our seasoned EI3PA assessor today directly at 1-800-277-5415, ext. 705 to learn how we can help your business become compliant.
We’ve been working with the EI3PA standards for years now, performing audits from coast to coast for service providers that store, process, and/or transmit Experian provided data. While the EI3PA framework does closely mirror the PCI DSS standards, there are differences that you need to be aware of. Additionally, for service providers new to the EI3PA process, NDB offers a proven, lockstep methodology that saves both time and money.
With NDB, we follow a structured process – more specifically – a six-step process that works very well for all of our clients. From the initial scoping & readiness assessment to ongoing continuous compliance measures, we have you covered every step of the way.
The very first step in any EI3PA assessment is to perform a scoping & readiness assessment for ensuring the following goals are met:
Identifying and confirming project scope in regards to business processes, personnel involved, physical locations, relevant third-parties, etc.
Assessing control readiness against the prescribed EI3PA framework and identifying gaps and deficiencies that need to be corrected prior to the audit beginning.
Putting in place project milestones for different phases that include deliverables from both the client and the EI3PA auditing firm.
With a scoping & readiness assessment for NDB, service providers gain much-needed clarity and a clearer understanding of all aspects of the overall EI3PA engagement. Knowing what you’re getting into when it comes to auditing helps lay the groundwork for an efficient and cost-effective EI3PA engagement.
Much like any of today’s growing compliance mandates, the EI3PA assessment process requires service providers to develop robust information security policies and procedures. Without them, EI3PA compliance is simply not attainable. The challenge with documentation is three-fold.
First, organizations undergoing EI3PA compliance are greatly unaware – even shocked at times – at the volume of documentation that needs to be in place. Second, most organizations don’t have the bandwidth to develop policies and procedures for meeting EI3PA compliance. And third, even if they’ve found an adequate resource internally, they still need to source high-quality templates.
NDB offers comprehensive information security policy writing services for the EI3PA assessment process. We also offer world-class templates to service providers willing to author them on their own time.
If you’re new to EI3PA compliance – and don’t have much in the way of information security policies and procedures – then expect to develop upwards of fifty (50) different stand-alone InfoSec policies. That’s quite a bit, and its why service providers undergoing the EI3PA assessment process use our world-class templates. Call our seasoned EI3PA assessor today directly at 1-800-277-5415, ext. 705 to learn how we can help your business become compliant.
When we speak about the phrase “Operational – Technical – Security” remediation, it’s about the necessary configuration changes and other “heavy lifting” activities that need to take place. It’s much more than just writing policies and procedures (as stated in Phase II). Here are common examples of Phase III remediation initiatives that need to be undertaken:
EI3PA audits can be challenging indeed, largely because organizations are unaware of what to expect. Setting expectations early in the audit process is crucial. We can’t tell you how many times we’ve heard from new clients about challenges and issues during an audit because of lack of communication and an overall misunderstanding of the audit process itself. Here are some helpful guidelines when undertaking an EI3PA audit – and really – these guidelines can be applied to any type of audit as your organization goes through:
EI3PA audits are about collecting audit evidence and validating controls. With that said, expect to provide the auditors with a large amount of data. Specifically, auditors will request the following:
Screenshots of system settings
Once all the required fieldwork activities and audit deliverables have been completed, the findings within the report must be sent to Experian. From that point on, they will become the final approving authority in determining if an organization is in fact EI3PA compliant. Remember, the auditor cannot issue a final EI3PA certification, only Experian, so please keep this very important point in mind.
Once your annual EI3PA compliance and certification has been successfully obtained, it’s important to remember that monitoring one’s controls is critical. This is not the EI3PA auditor’s job – it’s your responsibility – so assign an internal employee such a task. Monitoring controls means conducting regularly scheduled assessments on internal controls – the critical policies, procedures, and processes within one’s daily infrastructure.
You don’t want to wait for the next audit to find issues – being proactive is the key here. NDB can help assist in developing an ongoing continuous monitoring program, one that’s efficient, cost-effective, and incredibly valuable. Call our expert EI3PA assessor today directly at 1-800-277-5415, ext. 705 to learn how we can help your business become compliant.
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.
Follow