Updated December 2022

Cloud Security Compliance

The security of your data is important to Melissa. We have decades of history establishing and refining our controls to secure client data in an ever-changing and increasingly connected world.

To assure your personally identifiable information (PII) and financial data is securely managed, Melissa continually undergoes independent security audits to reinforce our commitment to data security, privacy, and compliance requirements. These certifications underscore Melissa’s commitment to security and quality.

SOC 2 - Security, Availability, & Confidentiality Report
SOC 2 examinations are based on standards set forth by the American Institute of CPAs (AICPA). Melissa has successfully completed both SOC 2 Type 1 and Type 2 audits for its data center and data processing organization.

  • SOC 2 Type 1 is a report on management’s description of the service organization’s system and the suitability of the design of the controls.
  • SOC 2 Type 2 is a report on management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls. It is the corporate industry’s standard for an overall control structure, and validates the comprehensive reliability, security, and availability of Melissa’s handling processes. By completing the SOC 2 Type 2 examination, we affirm our long-standing commitment to strong controls and safeguards for handling and processing your data.

Because Melissa’s processes, procedures, and controls have been formally evaluated and tested by an independent accounting and auditing firm–SSAE 16 Professionals, LLP–you can be assured that a high level of internet controls and security are established and maintained. The examination was conducted in accordance with the AT Section 101, Attest Engagements of SSAEs (AICPA, Professional Standards, Trust Service Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy). Reporting standards include an audit of Melissa’s controls relevant to security and availability and the suitability of the design and operating effectiveness of our controls.

HIPAA, HITECH and HITRUST – Protected Health Information
Melissa conducts ongoing annual third-party assessments in order to certify its adherence to the security standards required by HIPAA, HITECH and HITRUST Common Security Framework.

This legislation regulates the use and disclosure of an individual’s health information in any format, known as Protected Health Information (PHI). PHI includes a wide set of personally identifiable health and health-related data, from insurance and billing information to diagnosis data, clinical care data, and lab results. These rules apply to “Covered Entities”, which include hospitals, medical services providers, employer sponsored health plans, research facilities and insurance companies that deal directly with patients and patient data, as well as “Business Associates”.

HIPAA was expanded by the Health Information Technology for Economic and Clinical Health Act in 2009. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. For additional information on how HIPAA and HITECH protect health information, visit: here.

Medicare/Medicaid Fraud, Waste & Abuse Certification
Melissa’s data quality services, such as address and data verification, are used by many Healthcare companies that provide health, prescription or administrative services to Medicare. As such, Melissa meets the Centers for Medicare & Medicaid Services (CMS) requirement to comply with all applicable federal laws, regulations and CMS instructions. As Melissa is fully compliant, staff undergo annual training designed to prevent, detect, and correct fraud waste and abuse, and serves as an important tool in ensuring we are successful in adhering to those requirements.

Industry Compliance

Leveraging 30 years of experience and deep domain knowledge, Melissa address verification solutions combine reference databases for over 240 countries and territories, support for diverse character sets, and postal certification to deliver high quality, trusted data for more than 10,000 clients worldwide.

Project US@ - Unified Specification for Address in Health Care
Project US@ was established by the Office of the National Coordinator (ONC) for Health Information Technology to create standards for patient address information. Melissa’s Address Object and Personator tools are in compliance with the Project US@ Technical Specification for Patient Addresses Domestic and Military, Version 1.0. These products validate address information at the point of entry in patient registration and standardize address information according to United States Postal Service® (USPS®) guidelines.

USPS® CASS™/DPV® Certification
CASS (Coding Accuracy Support System) is provided by the United States Postal Service® (USPS) to test vendor software and ensure the accuracy of address coding is within 99.9% of the quality threshold. When DPV is applied to CASS processing using USPS authoritative reference data, it certifies that an address can actually receive mail to the delivery point. Melissa’s address verification solutions utilize a CASS Certified™ engine to help businesses keep address data clean, standardized and compliant. Learn more about Melissa CASS Certification here.

USPS NCOALink® and Canada Post® NCOA Certification
USPS NCOALink processing matches a customer file against the USPS dataset of permanent moves over the last 48 months to move update mailing addresses and prevent undeliverable-as-addressed (UAA) mail. NCOALink processing is an approved method to meet the USPS Move Update requirement for discounted mail. Canada Post NCOA matches a customer file against the Canada Post dataset of permanent moves over the last 72 months. Melissa is a non-exclusive, full-service provider of both NCOALink and Canada NCOA. Learn more about Melissa NCOA Services here.

USPS PAVE™ Certification
PAVE software certification is provided by the USPS to determine the accuracy in presorting address files that are destined for bulk mail services through the Post Office™. Presorted mailing is quicker and easier for the Post Office to process, so they provide discounted pricing for mail that is accurately presorted. Melissa’s address verification solutions are PAVE certified.

International Postal Certification
Melissa’s international address verification solutions are able to parse, analyze, correct, and format addresses according to local postal standards to ensure your mail gets to the right address. Melissa holds Canada Post SERP®, Royal Mail, and EIRcode® certifications for address verification in Canada, the United Kingdom, and Ireland. Learn more about Melissa’s postal agency partners and the official postal data we offer here.