Integral Recoveries utilizes industry-leading technology that results in cost reduction and higher returns for our clients. We have embraced the use of technology and blend it with a detailed and extensive manual effort from our account representatives. This gives us a tremendous advantage over agencies that rely solely on automated skiptracing vendor flows and dialers.
Integral Recoveries has maintained and will continue to maintain our SSAE 18 SOC 1&2 certification. Our office and data centers are also IRS Publication 1075 compliant.
A few key components of our Information Technology Security Program are:
Extensive IT Training
All employees and vendors receive our Cyber Security, Non-disclosure, Federal Taxable Information handling, and De-escalation training during orientation and annually thereafter. We believe proper training sets us apart from our competition, reduces turnover, and creates a stronger, more intelligent workforce. The vendor and employee Cyber Security training programs are administered by our Network Administrator to guarantee the training is applicable to our network setup and the applications we use.
Proprietary Training Program. Our IT training was crafted by us for our organization and client requirements. This allows us to provide our staff with very specific training that helps them operate in a compliant manner and understand their role at all times.
Annual retraining. In the technology world, regulations and suggested practices are constantly evolving. This means our training program is updated regularly to stay relevant.
Information Technology Steering Committee (ITSC)
We established a committee made up of key personnel who determine our IT security posture. The ITSC has oversight of Integral’s security program. They meet regularly to discuss the company’s technology needs and vote on any proposed policy updates.
Control Review. The ITSC reviews our Risk Assessment results and makes informed decisions on new or updated controls.
Purchasing Decisions. All proposals for new hardware or software are reviewed by the committee prior to being authorized or revised.
Varied Experience. There is a wide array of experience on the ITSC. We have individuals from our collection management team as well as our IT team. This ensures that all decisions are made with consideration of impact to client returns and data security requirements as well as our own organization's audit constraints.
Robust Risk Assessment Program
Our Risk Assessment Program has been developed over the years to be applicable to our business model. We assess, mitigate, and monitor risks that could affect our operation.
Logging and Analysis of Audit Logs. All network, application, and file server traffic and changes are logged and analyzed weekly. Any anomalies are addressed immediately. We utilize a central logging server that delivers reports to a program and allows us to send alerts to key personnel 24/7. These logs also help our Steering Committee make informed decisions on implementing or revising controls.
Implementation of Controls. Our controls include multi-factor authentication, data encryption, auditing on all network hardware and software, backup plan creation and testing, and vendor management.
In order to ensure the confidentiality and integrity of the important data shared with us, we’ve made data encryption an essential piece of our IT security policies. We utilize encryption to safeguard against unauthorized access to our data. Publication 1075 draws on the encryption requirements of National Institute of Standards and Technology (NIST) SP 800-53 and Federal Information Processing Standard (FIPS) 140-2 to define the encryption requirements that agencies in receipt of federal taxable information (FTI) must comply with. We comply with all aspects of Publication 1075.
Our datacenter in Englewood, CO is IRS Publication 1075, SOC 1&2, and PCI compliant. We control access to the data in our possession at all times. Our office has secured physical access with proximity readers on all staff entrances, an alarm system and cameras that are monitored 24/7, and a server room that is hardened to Publication 1075 specs.
Testing of Controls
It is important that the controls we put in place to mitigate a risk are effective for resolving that risk. Integral Recoveries is committed to:
Vulnerability Scanning. Our scans drill into risk events to uncover the problem driving the risk. We use scanning tools from industry-leading providers as well as on-site third-party auditors to ensure the controls we put in place are appropriate and adhered to.
Internal Audits. Our management team performs random audits on our internal controls. This verifies that the measures put in place to avoid an audit failure are followed and remain effective and relevant.
Phishing Tests. We perform periodic tests of our users to ensure they understand the dangers of email attachments and other types of phishing attempts. Any user who fails a phishing test receives immediate retraining.
Alerts to Key Personnel. Our IT staff receives 24/7 alerts on many of the controls. If a server or other piece of network hardware goes offline, we are notified immediately so our team can troubleshoot the issue and put a corrective plan in place if necessary.