Experian Independent Third Party Assessment is a list of requirements that is inflicted upon third parties who have access to Experian credit histories information. They have adopted the same requirements that are used by the PCI DSS. To be compliant you must implement 12 requirements.
- Install and maintain a firewall to protect credit history data
- Change default password and security parameters
- Protect credit history data by storing only what you need
- Encrypt the transmission of credit history data
- Keep an updated antivirus
- Keep up with patch management
- Restrict access to credit history data to business need to know
- Use unique authentication for users
- Restrict physical access to credit history data
- Monitor all access to credit history data
- Regularly test security systems and processes
- Maintain an information security policy
What InfoSecure can do for you
It is required by Experian that you provide evidence from a third party that you are in compliance. InfoSecure has Qualified Security Assessors who provide on-site assessment of your business to ensure compliance. Experian also requires web application and network penetration testing be completed once a year or after any modification. We have skilled penetration testers to help you maintain your compliance.