Kimbia is Payment Card Industry Data Security Standard (PCI DSS 3.2) Level 1 certified – the highest available standard for credit card information security and privacy in the payment processing industry. In order to maintain this certification, each year Kimbia undergoes an audit performed by an independent auditor referred to as a Qualified Security Assessor (QSA).
The PCI DSS security requirements are endorsed by the PCI Security Standards Council, founded by a consortium of major credit card brands including Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services, and JCB, to enhance credit and debit card data security.
Although other companies may claim to be PCI Compliant, organizations seeking to reduce the risk of storing sensitive donor credit card information should require Level 1 compliance.
Kimbia also subjects itself to an annual audit of its internal controls, performed by independent auditors of a CPA firm. Our most recent audit resulted in a “clean,” unqualified opinion in the auditor’s report – the strongest possible outcome of such an audit.
An SSAE16 SOC 1 audit report is issued under the guidelines put forth by the Statement on Standards for Attestation Engagements Number 16, which replaced the prior Statement of Auditing Standards Number 70 (SAS 70) standard. As a Type II report (the most comprehensive audit and report possible), the auditors’ opinion covered both the design and operating effectiveness of Kimbia’s internal control environment, inspecting both Kimbia’s software development environment as well as its business controls.
Although other companies may describe the server hosting environment of their software as SSAE16 SOC 1 compliant, few if any can claim that their company’s business and development environment have successfully completed such an audit with a positive result.