Compliance

Handle Financial, Inc. takes our partners’ information very seriously, and has comprehensive privacy and security assessments and certifications performed by multiple third parties.

Handle Financial, Inc. (“Handle”) completes an annual PCI DSS assessment using an approved Qualified Security Assessor (QSA). The auditor reviews the Handle environment, which includes validating the infrastructure, development, operations, management, support, and in-scope services. The PCI DSS designates four levels of compliance based on transaction volume. Handle is certified as compliant under PCI DSS version 3.2 at Service Provider Level 2.

The assessment results in an Attestation of Compliance (AoC) issued by the QSA. The effective period for compliance begins upon passing the audit and receiving the AoC from the assessor, and ends one year from the date the AoC is signed. The AoC is available to customers to show the QSA has determined that Handle Financial, Inc. is in compliance with PCI DSS v3.2.

Handle Financial, Inc. (“Handle”) is ISO/IEC 27001:2013 certified. Our Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization through the ISO/IEC 27001:2013 certification. This is an information security management system standard published in October 2013 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

A-lign, an independent, third-party auditor, has found Handle to have technical controls in place and formalized IT Security policies and procedures. A-lign is an ISO / IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISMS 27001 certifications. Handle has implemented several security measures and countermeasures that protect it from unauthorized access or compromise and IT personnel were found to be conscientious and knowledgeable in best practices.

Compliance with this internationally recognized standard confirms that Handle’s security management program is comprehensive and follows leading practices.