We’re happy to share that TicketSignup has successfully completed our annual PCI audit for PCI DSS 4.0.1 Level 1 for Payment Facilitators.
For those who have been with us for a while, this will sound familiar—and that’s by design. Completing a PCI audit is an important milestone, but it’s also a routine part of how we operate. Security isn’t something we turn on for an audit; it’s baked into how we design, build, and run our products every day.
Security as a Daily Practice
Our teams think about security at every stage of the product lifecycle—from architecture and development to testing, deployment, and ongoing operations. We invest heavily in security through dedicated internal engineering and trusted third-party tools and services, making security part of the everyday work behind TicketSignup.
The annual PCI audit is an external validation of these ongoing practices. It confirms that our systems, processes, and controls meet or exceed the standards required to protect all of our customer data, including payment card data—but the real work happens every day, not just during audit season.
Of Interest to Event Directors
This is a good time to remind event directors that security is a shared responsibility.
TicketSignup is responsible for providing a secure platform—and we take that responsibility seriously. At the same time, Event Directors play an important role in protecting their own accounts, teams, and participants.
Simple, everyday actions make a real difference:
- Using strong, unique passwords and enabling multi-factor authentication
- Limiting Dashboard access so team members only have the permissions they need
- Deleting team member access once they leave your organization
- Keeping devices and browsers up to date
- Being cautious with emails, links, and file uploads
- Handling downloaded data appropriately, including storing it securely and deleting it when it’s no longer needed
- Working with partners and vendors who take security seriously, especially if you are sharing data with them or you are giving them direct access to TicketSignup.
Working Together
We see security as a partnership. When secure platform design is combined with good operational habits by Event Directors, everyone benefits: organizers, participants, and donors alike.
As always, we’ll continue investing in security as part of how we build and operate TicketSignup. And we appreciate the role our customers play in keeping the entire ecosystem safe.
If you ever have questions about security, PCI, or best practices, our team is always happy to help.
If your organization requires our Attestation of Compliance, it is available upon request.