PLEASE REVIEW THIS COMPLIANCE POLICY CAREFULLY
Color Card Administrator. Corp - (CCA) The Security Policy aims to ensure CCA's information security and reduce the risk of damage by preventing security incidents and mitigating their potential impact. Maintaining the confidentiality, integrity, and availability of CCA's information assets is one of the most important things we do to protect our business operations and our status in the professional community.
The security standards industry is becoming more advanced and specialized. The alignment of CCA security activities to industry standards offers a systematic approach that can be taken to test and improve our cybersecurity maturity.
The management of security compliance is the collection of procedures that are used for the ongoing monitoring and evaluation of systems. These processes include the communication of information security compliance controls and procedures, the recording of those controls, and the automation of those procedures.
The goal is to ensure that CCA complies with all relevant industry standards, regulatory regulations, security policies, and business interests.
All production applications were hosted on Amazon's cloud environment by CCA. A range of different IT security standards is adhered to in designing and managing the customer-facing information technology infrastructure that Amazon Web Services (AWS) offers its users. The following is a selection of the assurance programs that Amazon Web Services is compliant with:
- SOC 1/ISAE 3402, SOC 2, SOC 3
- FISMA, DIACAP, and FedRAMP
- PCI DSS Level 1
- ISO 9001, ISO 27001, ISO 27017, ISO 27018
You may get more information on AWS Cloud Compliance by clicking here.
The ScaleMatrix data centre is responsible for the hosting of CCA Core Data. The data centres operated by ScaleMatrix make use of a variety of cutting-edge security methods and technologies, all of which contribute to the centres' ability to satisfy even the strictest regulatory requirements. The following is a list of some of the quality control and assurance programs that ScaleMatrix is in accordance with:
- SSAE18/SOC 1 Type 2, SOC 2 Type 2, SOC 3 Type 2
- PCI DSS v3.2 AoC and Merchant Level 4/SAQ C-VT Certification
You may get more information on ScaleMatrix Data Centre Compliance by clicking here.
CCA uses Cloudflare to quickly and easily protect and speed up their applications, APIs, and websites. L3-L7 network services, content delivery network, web application firewall, distributed denial of service protection, bot management, API security, web analytics, image optimization, stream delivery, load balancing, SSL, and DNS are all part of Cloudflare's architecture that aids CCA. Cloudflare complies with a wide variety of assurance programs, including the ones listed below:
- ISO 27001:2013, ISO 27701:2019, ISO 27018:2019
- SOC 2 Type II
- PCI DSS 3.2.1
You may get more information on Cloudflare Compliance by clicking here.
CCA Websites are PCI & CCPA Compliance as below:
To maintain the safety of their customers' credit card information, organizations must adhere to the technological and operational requirements set forth by the Payment Card Industry (PCI). The PCI Standards Council monitors and enforces PCI compliance to lessen the possibility that customers’ credit card information would be compromised during electronic storage, processing, or transmission.
CCA regularly complies with a set of rules established by businesses that issue credit cards because it is PCI compliant.
The California Consumer Privacy Act (CCPA) is a new data privacy law that goes into effect on January 1, 2020. It applies specifically to the processing of the personal information of California residents. This law mandates that businesses protect their customers' personal information and affords them privacy.
CCA has consistently provided evidence that it is committed to protecting the privacy of its users' data by routinely exceeding the standards set by the industry. The CCA is pleased that the CCPA will serve as a driving force in increasing the level of privacy consciousness within it.
CCA's solutions have privacy measures that help users comply with the CCPA, and CCA processes its Californian customers' data according to the law.