Skip to content

Security, compliance and data protection

At Edenred, technology is an important part of our business. As we continue to improve and expand our products and services, our security procedures are more important than ever.

PCI and SOC 2 Type II

Edenred complies with the highest standards of data protection in the world.

pci-logo-teal

PCI

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard used to handle credit cards from major card brands. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by the card brands.

Edenred is a PCI-certificated company with the highest standard of controls and certified procedures for cardholder data.

SOC-2-Type-2-236x300.png

SOC 2 Type II

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing and transfer of data.

Edenred operations and procedures are audited regularly to ensure Edenred meets and exceeds all standards expected of service providers. We are compliant with SOC 2 to ensure your data is protected, available and secure.

Edenred complies with the California Consumer Privacy Act and GDPL

 

Learn more about Edenred’s corporate security practices

IT worker assessing risk at desk

Network device management

Edenred IT staff owns and is responsible for the network infrastructure, including all developmental activities as well as enhancements to the infrastructure. Designated employees of Edenred IT staff are the only individuals authorized to connect or disconnect network devices to the network. Users do not extend or re-transmit network services in any way. This means users do not install routers, switches, hubs, or wireless access points to the network without Edenred IT Management approval.

To properly diagnose network problems, avoid duplicate addresses, etc. Edenred IT staff are responsible for and administer connection-related protocols for all devices on the network. In addition to registering all workstations, any devices that connect to the network such as laptops, printers, hubs, or instruments are registered. Conversely, Edenred IT staff is aware when networked devices are removed from service so their registrations can be cancelled.

Male IT Worker at Laptop
Male and female software developers in office

Software development life cycle procedure

Managing sensitive information in our system

  • During the project initiation phase, Edenred identifies all the sensitive information e.g. Credit card information, ACH information, Debit card information.
  • Edenred establishes processes to store the sensitive data encrypted.
  • Edenred establish processes to securely transmit sensitive information.
  • Edenred establishes processes to grant access to secure information.
  • Edenred’s Information Security Manager and the Chief Information Officer review/approve all processes.

Code compilation

Code is compiled using .NET framework and set the warning level to the highest standards.

Security awareness and training

The security and stability of the information systems are vital to daily operations. An awareness and training program for all staff is critical to achieving and maintaining an effective information security capability. Information security awareness, training, and education improves employee behavior and accountability, and reduces the risk of unauthorized activity.

All employees and contractors complete Information Security training upon hire and subsequently at least annually. The Information Security training required for all employees and contractors covers identification and reporting of suspicious activities relative to incident response.

All employees sign an agreement stating that they understand all Edenred Information Security Policies including the Edenred Acceptable Use Policy and that they shall abide by them. This training is be completed prior to any user being granted access to any information system. Users undergo security awareness training prior to be granted access in any capacity to PII, PHI and/or CHD.

All information security-training activities are adequately documented, and individual training records are retained for at least three years.

Woman Taking Online Training
Information Protection concept diagram

Information protection and flow

Information systems storing, processing, or serving confidential data as defined by the Information Classification, Labeling and Handling Policy are secured with logical and physical access controls. Physical access controls are used to restrict access to hardcopy internal and confidential information.

Logical access to electronic information are granted only with written approval by the employee’s are used to restrict physical access to information systems storing confidential information including restricting physical access to the office facility itself.

Hardcopy information classified as confidential are protected by physical access controls for the office facility. Confidential information are stored in locked cabinets when not in use especially outside of office hours. Locked offices do not provide sufficient protection as cleaning and/or facilities maintenance staff may have access locked offices. Confidential information is not copied or faxed from equipment not owned and/or operated by Edenred.

Vulnerability and patch management

Due to the importance of the confidentiality, integrity, and availability of Edenred systems and information, all Edenred IT staff are proactive in implementing security measures designed to reduce any risks that might result in impaired productivity, increased costs, or damage to its business reputation due to malfunctioning system components or system components with security vulnerabilities. To ensure the security of the network and protect the Edenred’s data, all computers and network devices are maintained at vendor supported levels and critical security patches are applied in a timely manner consistent with an assessment of risk

Set of vulnerable locks concept blocks

Learn more about offering Edenred Benefits to your team.