NDNB specializes in Experian Independent Third-Party Assessment (EI3PA) certification, audit, and compliance services for organizations that process, store, or transmit sensitive credit information obtained from Experian.
Generally speaking, EI3PA certification is very similar to PCI DSS compliance, with some differences, such as the following:
- EI3PA is geared towards the protection of Experian-provided data, whereas PCI DSS focuses on cardholder data, and
- EI3PA approval rests with Experian alone, whereas for PCI DSS the major payment brands, the Payment Card Industry Security Standards Council (PCI SSC), and other interested parties all have a voice regarding compliance.
NDNB - North America's Leading Provider of Fixed-Fee EI3PA Assessments
Much like PCI DSS compliance, EI3PA has defined levels, along with requirements for quarterly vulnerability scans. In fact, you may have often heard that it is essentially identical to PCI DSS with the term "cardholder data" replaced by "Experian-provided data," which is a fairly accurate statement.
As for the process of becoming EI3PA certified, it generally begins with Experian itself (the Experian Information Security Department) notifying a reseller or other intended party that EI3PA certification is required. And much like PCI DSS, a QSA can conduct the actual Level 1 assessment. NDNB's EI3PA certification, audit, and compliance services consist of the following:
- EI3PA Readiness Assessment and Gap Analysis
- Remediation (as necessary from the Gap Analysis findings)
- Scanning and Penetration Testing Services
- Onsite fieldwork along with additional remote-fieldwork activities
- Report preparation, closing meeting, followed by issuance of EI3PA Report on Compliance
EI3PA and PCI DSS Framework
Though Experian does not make the actual guidelines for its Independent Third-Party Assessment (EI3PA) certification available to the general public, simply reviewing the PCI DSS standard offers a clear understanding of EI3PA scope. At a high level, EI3PA essentially mirrors the following twelve (12) PCI DSS Requirements:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Proven EI3PA Services and Solutions
To learn more about our EI3PA services and solutions, contact Chris Nickell today, or call him directly at 1-800-277-5415, ext. 706.