Your Security Is Our Priority

PCI-DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle credit cards from the major card schemes including Visa®, MasterCard®, American Express®, Discover®, and JCB (“Card Schemes”). PCI DSS is mandated by the Card Schemes and administered by the Payment Card Industry Security Standards Council. PCI DSS was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually. For organizations handling large volumes of transactions, an external qualified security assessor (QSA) or a firm-specific internal security assessor (ISA) creates a report on compliance (ROC); companies handling smaller volumes validate by self-assessment questionnaire (SAQ).

PCI PA-DSS

The Payment Application Data Security Standard (PA-DSS), formerly referred to as the Payment Application Best Practices (PABP), is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC). PA-DSS was implemented in an effort to provide the definitive data standard for service providers that develop payment applications. PA-DSS aims to prevent customer-hosted payment applications from storing prohibited secure data. PA-DSS also dictates that software vendors develop payment applications that are compliant with the Payment Card Industry Data Security Standard (PCI DSS).

PCI-DSS-Compliant Blackbaud Solutions

  • Altru®
  • Blackbaud CRM™
  • Blackbaud Merchant Services™
  • Blackbaud NetCommunity™
  • Blackbaud Online Express™
  • Blackbaud Secure Payments™
  • Blackbaud Sphere®
  • eTapestry®
  • Luminate Online™
  • Mobile Pay™
  • Raiser’s Edge™
  • Blackbaud Payment Services™
  • everydayhero™

SOC1

A Service Organization Control (SOC) 1 audit, intended for CPA firms that audit financial statements, evaluates the effectiveness of internal controls that affect the financial reports of a client using a service provider’s cloud solutions. The Statement on Standards for Attestation Engagements (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) are the standards under which a SOC 1 audit is performed and the basis of a SOC 1 report. The Type II designation ensures that the controls were in place over a period of time from six months to one year.

SOC 1 Type II-Compliant Blackbaud Solutions

  • Blackbaud CRM™
  • Blackbaud Merchant Services™
  • Blackbaud Sphere®
  • DonorDirect™
  • Financial Edge™
  • Luminate Online™
  • MicroEdge™

SOC2

A Service Organization Control (SOC) 2 audit gauges the effectiveness of a service provider’s system or applications, based on the AICPA Trust Service Principles (security, availability, processing integrity, confidentiality, and privacy). The Type II designation ensures that the controls were in place over a period of time from six months to one year.

SOC 2 Type II-Compliant Blackbaud Solutions

  • Altru®
  • Blackbaud CRM™
  • Blackbaud Merchant Services™
  • Blackbaud MobilePay™
  • Blackbaud NetCommunity™
  • Blackbaud Online Express™
  • Blackbaud Payment Services™
  • Blackbaud Secure Payments™
  • Blackbaud Sphere®
  • Education Edge™
  • eTapestry®
  • Financial Edge™
  • Luminate Online™
  • Raiser’s Edge™
  • Raiser’s Edge Mobile™
  • ResearchPoint™
  • Target Analytics®
  • Team Approach®

HIPAA

HIPAA is an acronym for the Health Insurance Portability and Accountability Act. HIPAA is the group of codes and regulations that define the treatment of protected health information (PHI) when a covered entity (healthcare organization) provides PHI to a vendor (business associate).

Blackbaud Solutions can be configured to meet organizational requirements related to HIPAA.

EU-US Privacy Shield

The Privacy Shield allows U.S. companies certifying that their data practices meet the framework’s principles to receive the personal information of EU residents.

Blackbaud was among the first wave of organizations to certify to the U.S. Department of Commerce that it adheres to the new Privacy Shield principles.

Sarbanes Oxley

The Sarbanes-Oxley Act of 2002 (often shortened to SarbOx or SOX) protects shareholders and the general public from accounting errors and fraudulent practices in publicly traded companies, while also improving the accuracy of corporate disclosures.

Blackbaud is committed to compliance with SOX in our business.

 
 

Blackbaud (NASDAQ: BLKB) is the world’s leading cloud software company powering social good. Serving the entire social good community—nonprofits, foundations, corporations, education institutions, healthcare institutions and individual change agents—Blackbaud connects and empowers organizations to increase their impact through software, services, expertise, and data intelligence. The Blackbaud portfolio is tailored to the unique needs of vertical markets, with solutions for fundraising and CRM, marketing, advocacy, peer-to-peer fundraising, corporate social responsibility, school management, ticketing, grantmaking, financial management, payment processing, and analytics. Serving the industry for more than three decades, Blackbaud is headquartered in Charleston, South Carolina and has operations in the United States, Australia, Canada and the United Kingdom. For more information, visit www.blackbaud.com.

© 2017 Blackbaud, Inc. All Rights Reserved