Solutions
Featured product
Accelerate and automate security & SOC2 compliance for free!
Learn more
Platform
Collect, Protect, and Exchange Control Integrate with ease
All use cases
Card Issuers Payment Optimization Tokenization API Storing Credentials Identity Verification
Compliances
PCI SOC 2 CCPA HIPAA GDPR
Developers
Documentation
For developers to quickly and easily start building their own secure apps on top of the VGS data security infrastructure.
Learn more
Guides Getting Started
FAQs
Company
A Very Good Story
Learn how VGS became the first company to truly enable businesses to offload their data security liability.
Learn more
Product Overview About VGS Careers Press
Resource Library Blog Contact Partners
Pricing
Request a demo

EI3PA Questions, Answers and Solutions

What is EI3PA compliance?

Experian Independent Third-Party Assessment (EI3PA) is the annual security assessment required when third parties access, transmit, store, or process credit reports and other regulated data from Experian. Gaining access to Experian’s credit reports, APIs, and consumer data used in identity verification and credit checks requires completion of EI3PA. To become compliant, companies must have their information security systems, policies, and procedures annually evaluated by an independent assessor to ensure they meet the guidelines and requirements. EI3PA provides Experian with the assurance that its technical providers have implemented the necessary and reasonable security safeguards to protect consumer information.

Is it difficult for a company to receive EI3PA compliance on its own?

EI3PA requires an evaluation of a third party’s information security program and controls by an independent assessor based on requirements provided by Experian. Many of the security controls are similar to PCI DSS requirements, but there are additional unique requirements, including multifactor authentication and external vulnerability scans that companies must submit on a quarterly basis.

Is EI3PA compliance the same as PCI DSS compliance?

While EI3PA security control requirements are adapted from PCI DSS requirements, they are not the same. EI3PA is designed to protect Experian data, not credit card data. Many of the security controls are similar, but there are additional unique requirements, including multifactor authentication and external vulnerability scans that companies must submit on a quarterly basis.

Does it take long to set up a project with a company that has received EI3PA compliance?

It doesn’t take long to set up a project with a third party that has already achieved EI3PA compliance. For example, Very Good Security (VGS) has been audited by an independent EI3PA Qualified Security Assessor (QSA) and achieved EI3PA compliance certification. By layering VGS around your systems, you can achieve EI3PA compliance quickly and minimize both development costs and security risks. VGS provides full audit support from compliance and engineering teams throughout the compliance life cycle.

Any Questions?

We're happy to get in touch. Search our documentation, contact support, or connect with our sales team. You can also chat live with VGS engineers in our Slack channel.

Featured product

Platform

All use cases

Compliances

Documentation

A Very Good Story