PCI Group Meets NIST FISMA Compliance Standards for Enhanced Risk Management and Data Protection

PCI Group, one of the nation’s leading document delivery and rapid outbound mail service providers, announced today that it has completed the Federal Information Security Management Act (FISMA) Third Party Report on Controls and met the  compliance standards established by the National Institute of Standards and Technology (NIST). In doing so, the company not only met the FISMA standards, but did so at their highest criteria level.

According to PCI Group President and CEO Chris Kropac, Jr., “PCI’s voluntary FISMA compliance is an extension of our stringent risk management and quality controls particularly as they relate to the information security and protection of our clients’ sensitive data. Our continued enhanced level of compliance is integral to our robust security plan – an internal assessment and controls implementation program designed to ensure the full integrity of essential business operations in the event of any potential natural or manmade threat, whether environmental, acts of terrorism or vandalism, or power outages.”

PCI’s FISMA compliance is the latest in the company’s continued commitment to meeting the highest standards of security and quality controls. FISMA is also the most extensive of the various compliance standards requiring extensive steps to ensure risk management across several categories from access control to contingency planning. It required PCI to plan, implement and test hundreds of controls relating to risk reduction and mitigation.

Prior to gaining FISMA compliance, PCI had already achieved compliance with other essential legislation and regulatory standards including the American Institute of Certified Public Accountants’ (AICPA) Statement on Auditing Standards (SAS) 70 Type II Audit, AICPA’s Service Organization Control (SOC) Reports Standard, Payment Card Industry (PCI) Data Security Standard (DSS), Health Insurance Portability and Accountability Act (HIPAA) Security Rule and State Data Breach Notification Laws. Additionally, the company has rigorous Disaster Recovery and Business Continuity Protocols in place to further assure the security and continuity of its operations.

PCI Group Inc. is a family-owned and operated business founded in 1970. The company provides comprehensive document delivery services by rapid outbound postal mail, email, fax or digital mailbox delivery. PCI’s 93,000 square foot facilities are company-owned and state-of-the-art featuring card key access, handprint scanners, digital camera security systems, CCTV monitoring, self-contained U.S. Postal Service plant loading facility, diesel back-up electrical generator, full-building UPS battery back-up system and CPU room equipped with Halon fire suppression system.