Protecting Credit Data

Access to credit data comes with significant risk. Experian created the Experian Independent 3rd Party Assessment (EI3PA) compliance program to mitigate this risk by ensuring third parties adequately safeguard consumer data. Technical providers, agents of end users, and platform providers are all required to assess their compliance against the EI3PA standard on an annual basis.

The protection of Experian-provided data is also required by various laws, including the Gramm-Leach-Bliley (GLB) Safeguards Rule, the Fair Credit Reporting Act (FCRA), and the Federal Trade Commission Act. Non-compliance with EI3PA can affect an organization's ability to receive Experian data and expose it to legal risk.

Complying With EI3PA

When establishing the EI3PA requirements, Experian decided to leverage an existing standard governing another type of sensitive information: credit card data. The Payment Card Industry (PCI) Data Security Standard (DSS) is broken into twelve high-level requirements, each consisting of many sub-requirements. These requirements include things like protecting stored data, encrypting data across public networks, and physically restricting access to data. Each organization requiring EI3PA compliance must meet all requirements to be considered compliant.

To demonstrate compliance, organizations are typically required to go through a formal audit process with a certified PCI QSA company, like Aeris Secure. This assessment process is called an Experian Independent 3rd Party Assessment (EI3PA) or an Experian Security Assessment Requirements (ESAR) Level 1 assessment. Companies just gaining access to Experian products and credit data may be permitted to go through a less rigorous process called an ESAR Level 3 self-assessment. However, a Level 1 assessment is always required a short time after completing the Level 3 assessment process.

Aeris Secure has helped many companies understand, meet, and certify against the EI3PA requirements. Because every company has a different level of experience, we tailor our services to include exactly what you need and nothing you don't. This includes options and support for both EI3PA/Level 1 and ESAR Level 3 assessment types.

What Our Clients Say

We couldn't ask for a better partner to help us maintain our EI3PA compliance. The team at Aeris Secure is helpful and knowledgeable and their approach to our compliance makes our annual audit run smoothly. Most importantly, our projects finish on time and on budget. That's why we keep going back to them year after year.

Scott, COO of Informative Research

EI3PA Compliance Packages to Suit Your Needs

Choose from 3 tiers of service to get what you need and nothing you don’t.

If you would like to be PCI certified in addition to EI3PA, we can bundle the assessments and save you money.

Core


  • Remediation & Consulting
  • EI3PA Audit
  • Compliance Check-ups

Enhanced


  • Gap Analysis
  • Remediation & Consulting
  • EI3PA Audit
  • Compliance Check-ups

Premium


  • Training
  • Readiness & Scoping
  • Gap Analysis
  • Remediation & Consulting
  • EI3PA Audit
  • Compliance Check-ups

Ready to get started?

If you need more information, have specific questions, or want exact pricing, we are here to help.

GET IN TOUCH

Call us at (214) 556-6613 or contact us.