BillingTree Completes 2017 PCI-DSS 3.2, HIPAA(ePHI) & SSAE-16 Certification of Validation

  • Audits conducted by MegaplanIT, LLC and validated on August 30th, 2017

Phoenix, Ariz. – September 20, 2017 – BillingTree® announced today it has successfully completed the PCI-DSS Level 1, version 3.2 audit. The attestation of certification (AOC) was issued August 30th, 2017 by an authorized Third Party Assessor and a Qualified Security Company (QSC), certified by the PCI Security Standards Council. BillingTree also obtained a Satisfactory opinion from a Third Party audit firm for the SSAE 16 SOC 1 and HIPAA audits.

BillingTree added the SSAE 16 SOC 2 audit to its external audit and compliance program this year, also receiving a Satisfactory opinion. The SOC 2 audit is an engagement based on the existing SysTrust and WebTrust principles and evaluates an organization's information systems relevant to security, availability, processing integrity, confidentiality or privacy.

BillingTree undergoes these efforts to ensure the organization securely aligns its policies, procedures, and technical systems to protect PCI, ePHI, sensitive, and financial data.

The annual assessment process requires detailed evaluation of key areas of the business including but not limited to:  Policies and Procedures; Network Data Flow with Narrative; Documented System and Network Inventory; Physical/Environmental Security, both corporate and data center; Internal & External Vulnerability Assessment; Internal & External Penetration Testing; Encryption; System & Network Hardening Standards; Patch Management; Access Control; Data Storage; Wireless Network Analysis; Testing of Deployed Security Measures; and Monitoring/Response Assessment.

“In an environment that continues to focus on regulation, the connection between clients and their trusted technology providers is crucial,” said Edgars Sturans, CEO and President at BillingTree. “With these critical three audits completed for 2017, customers have validation that BillingTree’s processes and procedures operate at or above the latest industry standards.”

“Adhering to industry standards yet again validates BillingTree’s security posture is in line with information security’s best practices,” said Anthony Petruso, MegaplanIT’s Director of Compliance Services.  “These standards also encourage behaviours such as regular vulnerability scanning, application security reviews, penetration testing, and following best practices of cryptography standards, which will bolster resilience against cyber security threats generally.”

About BillingTree
BillingTree® is the leading, technology-focused payment solutions company providing innovative Accounts Receivables products and services that enable organizations to increase efficiency and decrease costs of processing payments while adhering to compliance regulations. For over a decade, BillingTree has committed itself to understanding the marketplace and growing payments with technology, helping merchants accept multiple payment channels while offering comprehensive value their clients have come to rely on. BillingTree has a reputation for dependable solutions and extraordinary customer service, processing billions of dollars of payments annually through a suite of solutions and services that integrate with your company’s needs. Visit or call 877.4.BILLTREE for payment technology that works.

