Security & Trust Center

A Framework for Success

We adopt a comprehensive approach to protecting your information security interests. Transact follows the risk-based standards of the U.S. Commerce Department's National Institute of Standards and Technology (NIST) cybersecurity framework:

Identify

foundational business needs, functions and risks

Protect

information by installing robust safeguards

Detect

and contain potential incidents quickly

Respond

to incidents and mitigate risks

Recover

systems and data with as minimal disruption as possible

BitSight Security Rating

The BitSight Security Rating is the industry's only cybersecurity rating independently correlated to the likelihood of a cyber breach and an organization's stock performance. Combined with a dedicated committee to govern its ratings algorithm and associated policies, BitSight's customers trust our data to make meaningful business decisions.

Attestations and Compliance

To ensure that our customers' data confidentiality, integrity and availability are maintained, Transact conducts multiple internal and third-party audits on a scheduled basis. Our external certifications and compliances include:

Transact is committed to quality control and maintaining our high standards. Service Organization Control (SOC) 2 Type II certification demonstrates that an independent accounting and auditing firm has reviewed and examined an organization's control objectives and activities and tested those controls to ensure that they are operating effectively.

Request a Copy

Transact customers can rest assured that their credit card information is protected. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies that process, store, or transmit credit card information maintain a secure environment.

Request a Copy

Policies, Protocols and Practices

We believe in being transparent about the way Transact conducts business. Here are the ways that we demonstrate our commitment to being a partner that you can trust and depend on:

Application Security
Transact has implemented a secure software development lifecycle (secure SDL), requiring our product teams to include security training, tools, and processes that are in alignment with the Open Web Application Security Project (OWASP) and NIST. These guidelines include secure coding implementation in application architecture, authentication, session management, access controls and authorization, event logging, and data validation.

Network Security
Transact's network architecture ensures that sensitive data is protected through best business practice security policies and procedures. This includes hardened router configurations, network segmentation, Distributed Denial of Service (DDoS) protections, proactive monitoring, active vulnerability assessments, digital certificates, etc.

Host-Based Security
Transact employs a hardened, approved, and standardized build for every type of server used within the production infrastructure. This procedure disables unnecessary default user IDs, closes unnecessary or potentially dangerous services and ports, and removes processes that are not required.

Disaster Recovery, Business Continuity and Incident Response
Transact uses a high-availability architecture to ensure that, in the event of a failure, service performance continues to meet client expectations. Transact also maintains SOC 2 Type II, which requires the production, maintenance, and testing of a Disaster Recovery Plan (DRP). The current DRP is a formal recovery procedure for recovering the entire application in a different region. The DRP is tabletop tested annually and Transact also performs disaster simulations to test failover to secondary systems.

Privacy Policy

Cookie Policy

Accessibility Policy

Security PDF

Key Reasons Campuses Nationwide Trust Us