The Experian Independent Third Party Assessment (EI3PA) assesses Third Party entities for their ability to protect sensitive information acquired from Experian. Experian requires these entities to annually comply with EI3PA requirements, helping to ensure that Third Parties protect credit history data as well as Experian does.
In an EI3PA assessment, an independent assessor evaluates a Third Party's information security based on the EI3PA standard, provided by Experian. EI3PA also establishes quarterly network scans for vulnerabilities. Although similar to PCI compliance, EI3PA focuses on how a Third Party protects Experian-provided data instead of cardholder data. Also, EI3PA is approved by Experian and not by the card issuer.
Experian's policy is that consultants who perform PCI DSS assessments are qualified to perform EI3PA assessments. The EI3PA assessment must therefore be performed by a Qualified Security Assessor (QSA) as defined and listed by the PCI SSC on their website. With our current PCI QSA certifications, Dara Security possesses the skills required to conduct accurate EI3PA assessments.