I like that they have an in house team with all security certifications which helps them see things from different eyes than others who are just looking at compliance issues alone or not qualified enought o understand how your business works internally as well.
Their processes seem thorough but it would be great if there were some way other then relying only upon word of mouth because so many companies claim this certification when really its nothing else except lip service - we've never heard back after submitting our info nor seen any actual audit results (though i'm sure those must exist). We're implementing multiple levels now including external auditing by third parties using outside resources where applicable along wth internal audits here within my organization's own network infrastructure etc..