We are pleased to announce that Compass has achieved Level One compliance with the Payment Card Industry Data Security Standard (PCI DSS) - a key indicator of our commitment to ensuring the data of those who use Compass is kept secure.
"Our team works every day to maximise the security and protection of our customers’ data," says Lucas Filer, Compass co-founder, "PCI DSS is a key part of our broader information security strategy, so we’re extremely proud to have achieved full Level One compliance."
"The assessment process involved a rigorous five-month review of the company's information security posture, and included not only interrogation of our governance approach," continued Lucas, "but also penetration testing of our payment platform software by an independent security firm."
PCI DSS compliance is just one aspect of a much bigger picture when it comes to security. As Lucas explains, "ongoing refinement of security practices and procedures is part of our culture - and we work to do this at all levels of the business."
"We understand that schools demand service providers who take compliance seriously, and my feeling is that this assessment demonstrates that commitment."
What is PCI DSS compliance?
Overseen by the Payment Card Industry Security Standards Council (PCI SSC), an independent body founded in 2006, PCI DSS compliance refers to a comprehensive set of security standards, requiring that any organisation that stores, processes, or transmits customer credit card information maintains strict controls and a secure environment. In order to achieve compliance, an organisation must demonstrate that they have implemented a number of mandated objectives, relating to technology design, network and physical data security.
Why is PCI DSS compliance important?
As Compass continues to expand its offerings for schools and parents and guardians in Compass school communities, the number of payments processed through CompassPay has grown. For example, using our new Canteen module, parents can now order and pay for school lunches through Compass. Similarly, we will be introducing the ability for parents to pay for events from the Compass app. Processing these payments, and indeed, offering great functionality like the ability for users to save their credit card details within our app, requires PCI DSS compliance.
Just as schools have a diverse range of regulation requirements they must meet, good providers to schools should endeavour to ensure they too are fully compliant.
Is your school management system PCI DSS compliant?
You can search the Visa Global Registry of Service Providers and the Mastercard list of payment facilitators to see whether your school management system is a validated provider. You should also look out for the 'On the list! 2019' logo on the site of providers.
You can find more information about what it means to be on the Visa Global Registry here. The Visa Global Registry of Service Providers explains the importance of being on the registry:
"The Visa Global Registry of Service Providers is the payment industry's designated source for information on registered and compliant agents that provide payment-related services to Visa clients and merchants. When you are listed, you help secure the promise of a trusted payment system by highlighting your investment in data security and the protection of cardholder data."
Are you concerned about compliance in your school?
If compliance regulations are something you are concerned about in your school, Compass has produced a handy Compliance Checklist that will guide you through the necessary first steps you should take to ensure your school is compliant. You can download our Compliance Checklist by clicking the button below.
Compass is an all-in-one school management system working with over 1,800 schools in Australia to improve learning outcomes, drive operational efficiencies, and increase parent engagement. If you want to discover more about Compass, please get in touch with one of our product experts below.