Intuit compliance

Payment card Industry Data Security Standards

The Payment Card Industry Data Security Standards (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. PCI applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC) or Attestation of Validation (AOV) where applicable.

Service Organization Control

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The SOC 2 reports cover controls around security, availability, and process integrity of customer data.

International Standard for Information Security

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers, and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touchpoint audits (surveillance audits).

Voluntary Product Accessibility Template

A Voluntary Product Accessibility Template (VPAT®) is a document that explains how information and communication technology (ICT) products such as software, hardware, electronic content, and support documentation meet (conform to) the Revised 508 Standards for IT accessibility