Risk Management and Compliance

TSYS® understands that risk is part of doing business. Understanding and managing that risk is key.

Our Enterprise Risk Management and Compliance (ERMC) program is a competitive advantage in the global marketplace with these principles:

  • TSYS continues to evaluate and implement new processes, procedures and capabilities to enhance our ability to secure your data. 
  • Our governance structure is designed to identify and mitigate risks at all levels.
  • Our team members receive mandatory training in ethics, risk, compliance and security.
  • Should a disaster occur, we are prepared to recover and continue to plan for other contingencies as appropriate.

TSYS has a robust risk management and compliance program designed to protect client data and address evolving threats to our environment. The primary purpose of the program is to provide management with the information necessary to make informed decisions designed to reduce risk, see opportunities and mitigate vulnerabilities across the enterprise.

Program goals include:

  • Protecting client data, team members, visitors and physical assets
  • Ensuring compliance with applicable legal and regulatory requirements
    • Federal Sentencing Guidelines
    • Gramm-Leach-Bliley Act
    • Bank Secrecy Act / Anti Money Laundering
    • USA PATRIOT Act
    • Foreign Corrupt Practices Act
    • Trading with the Enemy Act
    • HIPAA
    • Others (e.g. Association guidance)
  • Minimizing interruptions of client services
  • Reducing risk associated with Business Continuity / Disaster Recovery
  • Identifying and mitigating risks which could result in financial or reputational losses while optimizing capital growth
  • Reducing risk and severity of non-malicious actions which could result in lost revenue or disruption of services
  • Developing and rehearsing responses to adverse events related to the safety and security of personnel, property, data and potential instances of reputational damage

Our Corporate Security Policy (CSP) is based on ISO 27000 security standards. TSYS has several programs specifically focused on data security. 

  • The Cardholder Data Security Program (CDSR) is a formal program designed to review/validate where data is stored within TSYS, types of databases used and format, and the sufficiency of policies and controls surrounding both protection and access. The CDSR is a key component of TSYS’ annual Gramm-Leach-Bliley Act (GLBA) Risk Assessment.
  • TSYS has a formal training program that includes four courses team members are required to complete annually. These include:
    • Ethics
    • Information Security awareness
    • Compliance
    • Risk awareness

Key elements of the TSYS security program:

  • Defense in Depth: TSYS employs the industry best practice of “security zones,” which requires publicly facing servers to reside in a DMZ and critical servers (application/database) to reside in protected back-end networks. 
  • Data Leak Prevention: TSYS maintains a strict process for reviewing information leaving the organization through e-mail and the Internet by using both proxy and content filtering solutions. TSYS also has a SPAM management program to protect the organization from unwanted or malicious emails.
  • Application Protection: TSYS has multiple access control applications.
  • User / Network Protection: TSYS has multiple controls to both protect data and systems.
  • Physical Security: TSYS has a dedicated Physical Security department as part of the Risk Management Division. 
  • Risk and Compliance: TSYS has a robust assessment and compliance program, which includes a three-tiered risk and compliance governance structure (i.e. Enterprise Risk and Compliance Committee; Operational Risk and Compliance Committee; and Business Unit Risk and Compliance Committee), focusing on tactical, operational and strategic risks.

For more information, contact your TSYS client representative.