TMS hires external auditors to evaluate the suitability of design and operating effectiveness of its internal controls pursuant to the American Institute of Certified Public Accountants’ Statement on Standards for Attestation Examinations No. 16 (SSAE 16). SOC1, Type 2.
“SOC 1SM reports are examination engagements performed by a service auditor (CPA) in accordance with Statement on Standards for Attestation Engagements (SSAE) 16,Reporting on Controls at a Service Organization to report on controls at a service organization that are likely to be relevant to an audit of a user entity’s financial statements. Use of a SOC 1SM report is restricted to existing user entities (not potential customers).”1
Source:1 AICPA Service Organization Control Reports Terms, Conditions and Guidelines for Service Organizations
PCI DSS Compliance: TMS employs control measures that protect cardholder data; maintains a vulnerability management program; regularly monitors and tests networks, maintains an information security policy; and maintains a secure network, and is PCI DSS compliant. Additionally, in accordance with the guidelines set forth under PCI DSS, Tuition Management Systems employs the following:
- Implements strong access control measures
- Protects cardholder data
- Maintains a vulnerability management program
- Regularly monitors and tests networks
- Maintains an information security policy
- Builds and maintains a secure network
TMS incorporates the NASFAA Core Training into our contact center training curriculum to enhance understanding of the changes to the Student Aid Program and ensure that our Education Payment Advisors are using the same language that the families are being indoctrinated into during the Financial Aid process.
CORE is a comprehensive set of instructional materials for teaching financial aid fundamentals to individuals with less than two years experience. CORE’s 14 modules cover financial aid administration from A to Z. Thirteen of the CORE modules contain an instructor’s guide, a PowerPoint presentation, and accompanying trainee handouts. The Toolkit module (Module 14) contains resources covering cash management, recertification, and recordkeeping/reporting.