A key component of the Yodlee Information Security Program is participation in regular audits and assessments to ensure that our services and operations are secure and compliant with relevant regulations, industry standards and client expectations.
The scope of our regulatory and industry compliance efforts encompasses U.S. Banking Regulations, Federal and State data protection laws, PCI-DSS Compliance and EU Privacy Safe Harbor certification, among others. In addition, Yodlee conducts a tiered program of self-assessments and external testing to ensure our security profile is consistent with our and our clients' expectations.
- PCI-DSS (Payment Card Industry)
  - Yodlee is a PCI Level 1 Service Provider
- BITS Shared Assessment Program
  - Yodlee Information Security Program documented using a Standardized Information Gathering Questionnaire (SIG) covering 14 domains associated with information security and risk management
  - Independent audit firm conducts Agreed Upon Procedures (AUP) to verify SIG
  - Shared Assessment Program collects all the data needed to enable our customers to determine the sufficiency of our controls, using a more comprehensive and objective assessment than a SAS70. Learn more at Shared Assessments
- Examination by U.S. Banking regulators under FFIEC Supervision of Technology Service Providers