PASS now transmits data between the EU and USA under the protection of the Privacy Shield. In addition, the company has been granted a certificate in accordance with the internationally established security standard ISO/IEC 27001 for the operation and for service and application management of its Solution World Travel.
Between the European Union and the United States of America, there have always been principles in place with regard to the safe transmission and storage of Personally Identifiable Information (PII). However, after scandals concerning the National Security Administration (NSA), the European Court of Justice declared the previous framework, the International Safe Harbor Privacy Principles, invalid in October 2015. Its successor, the EU-U.S. Privacy Shield, was published in late 2016. Shortly after the publication in December 2016, the PASS data center in Miami was also certified under the EU-U.S. Privacy Shield, ensuring the minimum standards for protecting personal data of Europeans stored or processed in the USA.
Currently, PASS operates travel management solutions for more than a dozen customers in the USA, including multiple corporations with global subsidiaries and technology providers that use PASS solutions for their Fortune 500 companies. These products include the Travel XML API Tool PASS XX/1 as well as systems for booking business trips, including but not limited to Online Booking Tools (OBT).
“Our customers likely serve more than half of the business travel market in North America and Europe, so for us it is a logical step to slip under the Privacy Shield and continue supporting them in securely operating their IT. Both personal data and sensitive information such as your desired location are exposed when booking business trips,” states Michael Strauss, Head of Business Unit Travel at PASS.
Certified to ISO/IEC 27001
For the operation and for the service and application management of its Solution World Travel, PASS is also certified to the internationally established security standard ISO/IEC 27001. Here, the company relies on comprehensive experience: PASS solutions for ASP and BPO operation for the financial industry (insurance companies and banks) have been certified for quite some time. Based on this, an information security management system (ISMS) was established which ensures a consistently high level of quality and constant monitoring, as Stefan Luckhaus, information security officer at PASS, explains: “Our ISMS is based on proprietary tools such as the PASS Risk Advisor, which gives companies in the PASS Group access to an intelligent, rule-based risk management solution and supports company management with central, consolidated reports.”
For years, PASS has also kept pace with increasing data security requirements through regular certification in accordance with PCI DSS, the international industry standard of credit card providers. “We are aware of our responsibility and are happy to go the extra mile to have our diligence confirmed by three different independent bodies,” Strauss summarizes.