Compliance and Security

Compliance

Merkle RMG is compliant at the highest level (Level One) and most recent standard (3.1) of the Payment Card Industry Data Security Standard (PCI DSS). Developed by the Payment Card Industry Security Standards Council (PCI SSC), PCI DSS is a proprietary information security standard that ensures organizations can safely and securely process payment card information.

While previous versions of PCI DSS examined a representative sample of an organization’s processing activity, the most recent version, 3.1, examines an organization’s entire previous year of payment card processing activity in great detail.

Level One Compliance requires organizations to undergo quarterly and yearly scans, vulnerability and hacking attempts, and yearly on-site audits by external organizations. These stringent security measures help ensure that credit card information is safely and securely handled.

Every year, Merkle RMG contracts with a third party to conduct a Statement on Standards for Attestation Engagements (SSAE) 16 audit of generally accepted accounting practices. This industry-standard audit (formerly known as SAS 70) evaluates an organization’s business processes and controls by objectively “testing” its internal processes – from initial receipt of mail through depositing of funds. Merkle RMG makes this report available to all our clients.

Additionally, since 2002, Merkle RMG has been certified to the International Organization for Standardization (ISO) 9001 standard for effective quality management and continuous improvement. We are currently certified to the ISO 9001:2008 standard and will be recertified in 2018 to the recently released 2015 standard. Certification, which is verified through both internal and external audits, includes process documentation, quality measurement, continual internal audits, analysis and process improvement. Merkle RMG is the only company of its kind in the U.S. to hold this certification, and undergoes recertification every three years.

Security

At Merkle RMG, we take the security of our clients’ data, money, and products very seriously. Measures to ensure that security include:

  • Conformance to Merkle Inc.’s Global Information Security Program
  • Required security awareness training for all employees
  • 24/7 interior and exterior digital security camera recording (84 cameras total)
  • ID badge/card and/or fingerprint reader access to facility and restricted areas
  • Remote alarm monitoring (unauthorized entry and fire)
  • Employee background checks (performed by Kroll Corporate Services)
  • Lockers provided for storing jackets, purses, and personal items
  • Restriction of personal items in processing areas
  • Postal pick-up using company-owned and -operated vans
  • Bank deposits using Check21 and bank couriers
  • Data encrypted for transmission via secure FTP site
  • Comprehensive insurance coverage that includes: crime (including client data), errors and omissions, and $10 million general liability coverage, as well as a special and unique policy that covers the value of donations (based on historical values) in the event they are destroyed before they are processed.

We contract with outside auditors to perform quarterly technology audits of our enterprise systems, including penetration testing, data-at-rest-at-risk, application control and port vulnerability. Additionally, we deploy many industry-standard firewall, antivirus, spam/spyware and activity monitoring applications within our network infrastructure.