Security

Our Financial Instance Issuance Managed Services Offering (FII MSO), being a Payment Card Industry (PCI) Card Production and Provisioning Security Requirements, may perform Data Preparation activities in our approved facilities. Data preparation is the process by which credit card issuer and cardholder data are manipulated and configured for subsequent personalization by the issuer or different certified facility.

Our EDC US Federal environment is certified to NIST 800-53 (r4). NIST 800-53 is a catalog of security and privacy control for federal information systems and organizations for selecting controls to protect organization operations, organizational assets, individual, other organization, and the Nation from a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors.

tScheme is the self-regulatory body for electronic trust service approval in the UK. https://www.tscheme.org/certificate-factory-entrust-datacard-europe-ltd

The European Telecommunications Standards Institute (ETSI) is an independent, not-for-profit, standardization organization in the telecommunications industry (equipment makers and network operators) in Europe, headquartered in Sophia-Antipolis, France, with worldwide projection. Our “ETSI 1” addresses eIDAS EN 319 401 v2.1.1 General TSP requirements and EIDAS EN 319 411 pt 1 v.1.1.1 eIDAS policy for Cas.

The European Telecommunications Standards Institute (ETSI) is an independent, not-for-profit, standardization organization in the telecommunications industry (equipment makers and network operators) in Europe, headquartered in Sophia-Antipolis, France, with worldwide projection. Our “ETIS 2” addresses Electronic Signatures and Infrastructures (ESI);Trust Service Provider Conformity Assessment -Requirements for conformity assessment bodies assessing Trust Service Providers. of the European Parliament and Council). The certificate has been issued by the A-SIT Certification Body (Austrian Secure Information Technology Center), as the eIDAS conformity assessment body, according to the article 20.2) of the eIDAS Regulation. Based on this certification, the TrustedX eIDAS product can be used with total guarantees for the generation of qualified remote signature, with legal validity in all member states of the European Union. The mentioned certificate can be found in the following site: https://www.a-sit.at/downloads/1071.

We are granted level 3 of ISO/IEC 5504 Certification by AENOR (www.aenor.es): body accredited by the Spanish National Accreditation Body (ENAC) for certifying products and services. This certification provides a solid base for the evaluation and improvement of the Quality Systems involved in developing software. 

UNE 166002 and standard CEN / TC 166555-1 – This is a certification for the activities of Research, Development and Innovation of security software for the areas of identity and trust, by AENOR (www.aenor.es): body accredited by the Spanish National Accreditation Body (ENAC) for certifying products and services. This certification ensures an R+D+I management system highly effective and efficient, resulting this in a differential factor of competitiveness and excellence of the products of the Company. On the basis on this certification, Aenor has issued a certificate of compliance with the European Standard CEN/TC 16555-1:2013 Innovation Management. Part 1: Innovation Management System. 

PrivacyMark – PrivacyMark System is a system set up to assess private enterprises that take appropriate measures to protect personal information. Such private enterprises are granted the right to display "PrivacyMark" in the course of their business activities. The System is in compliance with Japan Industrial Standards (JIS Q 15001: [Personal Information Protection Management System - Requirements]).

The Payment Card Industry Data Security Standards, or PCI-DSS, outlines strict requirements for securing payment card information while it is stored, processed or transmitted.

Our certified products include:

• nShield as a Service Direct (United States region)