Compliance

PLEASE REVIEW THIS COMPLIANCE POLICY CAREFULLY

OVERVIEW

Color Card Administrator. Corp - (CCA) The Security Policy aims to ensure CCA's information security and reduce the risk of damage by preventing security incidents and mitigating their potential impact. Maintaining the confidentiality, integrity, and availability of CCA's information assets is one of the most important things we do to protect our business operations and our status in the professional community.

The security standards industry is becoming more advanced and specialized. The alignment of CCA security activities to industry standards offers a systematic approach that can be taken to test and improve our cybersecurity maturity.

The management of security compliance is the collection of procedures that are used for the ongoing monitoring and evaluation of systems. These processes include the communication of information security compliance controls and procedures, the recording of those controls, and the automation of those procedures.

The goal is to ensure that CCA complies with all relevant industry standards, regulatory regulations, security policies, and business interests.

COMPLIANCE

All production applications were hosted on Amazon's cloud environment by CCA. A range of different IT security standards is adhered to in designing and managing the customer-facing information technology infrastructure that Amazon Web Services (AWS) offers its users. The following is a selection of the assurance programs that Amazon Web Services is compliant with:

• SOC 1/ISAE 3402, SOC 2, SOC 3
• FISMA, DIACAP, and FedRAMP 
• PCI DSS Level 1
• ISO 9001, ISO 27001, ISO 27017, ISO 27018

You may get more information on AWS Cloud Compliance by clicking here.

The ScaleMatrix data centre is responsible for the hosting of CCA Core Data. The data centres operated by ScaleMatrix make use of a variety of cutting-edge security methods and technologies, all of which contribute to the centres' ability to satisfy even the strictest regulatory requirements. The following is a list of some of the quality control and assurance programs that ScaleMatrix is in accordance with:

• HIPAA 
• SSAE18/SOC 1 Type 2, SOC 2 Type 2, SOC 3 Type 2
• PCI DSS v3.2 AoC and Merchant Level 4/SAQ C-VT Certification

You may get more information on ScaleMatrix Data Centre Compliance by clicking here.

CCA uses Cloudflare to quickly and easily protect and speed up their applications, APIs, and websites. L3-L7 network services, content delivery network, web application firewall, distributed denial of service protection, bot management, API security, web analytics, image optimization, stream delivery, load balancing, SSL, and DNS are all part of Cloudflare's architecture that aids CCA. Cloudflare complies with a wide variety of assurance programs, including the ones listed below:

• ISO 27001:2013, ISO 27701:2019, ISO 27018:2019
• SOC 2 Type II
• PCI DSS 3.2.1
• C5:2020

You may get more information on Cloudflare Compliance by clicking here.

CCA Websites are PCI & CCPA Compliance as below:

Tweet