Prometric PCI Compliance

Prometric does not use anyone’s personally identifiable information for any purpose other than to administer a testing program including DSST. To that end, testing candidates who provide confidential information to Prometric can be assured that it will be handled with industry standard security. All personal candidate data and payment information, whether captured by our online registration system or by our professional contact center staff, is contained in secure database systems that support testing activity.

Secure Testing Browser

Our Internet-based Testing (IBT) platform is protected by a digital certificate provider, and whenever personal information is requested or displayed on IBT, we use encryption technology such as Secure Socket Layer (SSL) encryption to prevent unauthorized access to data.

For the protection of candidate payment information, Prometric is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). To maintain this standing Prometric hires a third-party security firm (qualified security assessor) to conduct an official PCI compliance audit each year as well as periodic penetration tests to check the resistance of our systems. A signed attestation of PCI compliance  is available to all test centers upon request.