Data Security is our number one priority at PBI. We recognize that all relationships with current and prospective clients are based upon integrity and trust, and we take our role as custodians of confidential information very seriously. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes to meet the evolving demands and challenges of security.
PBI receives data files from customers that contain personally identifiable information (PII). Social Security Numbers (SSNs) are required to effectively and properly search death data files. SSNs are also required to search various commercial data sources and obtain current address information.
Privacy PBI only performs death audit services and address location services for clients able to prove a specific permissible purpose. These include: fraud prevention, fiduciary obligations, or pursuant to compliance with a law or regulation. PBI validates all potential clients, with documented background checking procedures to ensure that the client is legitimate and has a valid reason to be granted access to our suite of services.
Technical Systems PBI has implemented systems and procedures to protect this PII from unauthorized access. Data in our network and databases are encrypted in-transit and at-rest; and access is granted using the least privilege principle. Additional access controls include multi-factor authentication, nondisclosure agreements, activity monitoring, regular employee review and training programs, with annual testing and background checks.
The security of our database is tested on a regular basis. Any suspected breach of security is immediately reported to the PBI Security Committee, and subsequent steps are taken according to documented procedure.
Risk Control Our network security incorporates several layers to protect from external threats, segregate internal traffic and protect against application-specific threats. We have intrusion detection alerts logged to a dedicated security event management system with 24/7 alerting. Access to information and technology is provided on a need-to-know basis and is based upon job function and clearance level. User access capabilities are updated immediately upon change of job responsibilities, leave of absence, or employee termination.
Security Assessments Knowing that even the best procedures and systems could have a weakness, PBI regularly uses third parties to test and audit our security controls. We conduct daily network security assessments, annual third party application security reviews and penetration tests. On an annual basis, PBI obtains an independent third party validation of our system and practices as part of an annual SSAE-16 SOC 2 audit.