March 24, 2021 – PCI is pleased to announce its successful completion of the Type 2 Service Organization Controls (SOC) 1 Type II and Service Organization Controls 2 Type II Attestation issued under the American Institute of Certified Public Accounts (AICPA) and Statement on Standards for Attestation Engagements No. 18 (SSAE 18) for 2020.
After a thorough external audit, the SOC reports were prepared and issued by Grant Thornton LLP, one of the world’s leading independent audit, tax and advisory firms. For the evaluation period ending in October 2020, the audit results indicate that PCI’s controls as a cloud service provider are appropriately designed and effectively executed.
These reports provide assurance that PCI’s hosted solutions will meet its customers’ business needs on a best-in-class cloud platform. PCI works globally with a variety of customers including federal and state entities, and strives to comply with industry best practices to deliver secure and reliable software solutions.
PCI follows the National Institute of Standards and Technology Special Publication 800-53r4 (NIST SP 800-53 rev.4) security framework, which provides a catalog of security and privacy controls for U.S. information systems.
Additionally, PCI’s controls are designed to be effectively executed while the firm’s Business Continuity Plan is in effect. During the COVID-19 pandemic, PCI has managed physical access to limit the spread of infections and continues to effectively execute its controls, as evident in its 2020 SOC reports.
“Providing secure and reliable software services by following industry compliance standards for cyber and physical security is our top priority,” said Buck Feng, Chief Technology Officer at PCI.