There is nothing of more importance to the team at MoneyThumb than keeping our data and that of our customers safe. When our data is safe, so is yours. Handling highly sensitive financial information on a daily basis as we do, we have to pull out all of the stops to make sure none of that data can get into the wrong hands. Even though our data has always been highly secure, we are proud to announce that we now have become SOC 2 compliant. The process of becoming SOC 2 compliant is a rigorous and daunting one, but MoneyThumb passed with flying colors.
In this blog post, we will explain exactly what SOC 2 is, why it's important, and what SOC 2 means for our company and our customers.
What is SOC 2 Compliance?
SOC stands for System and Organization Controls, a framework developed by the American Institute of Certified Public Accountants (AICPA). There are varying levels of SOC compliance. In today's blog post we will be focusing strictly on SOC 2, which addresses internal controls related to the five Trust Service Categories, or Trust Services Criteria (TSC), as defined by the AICPA.
These are the criteria used to evaluate a company's adherence to and compliance with SOC controls. The TSC is classified into the following categories:
- Security. This refers to the protection of information and systems against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.
- Availability. This speaks to whether the infrastructure, software, or information is maintained and has controls for operation, monitoring, and maintenance. These criteria also gauge whether your company maintains minimally acceptable network performance levels and assesses and mitigates potential external threats.
- Processing integrity. This category verifies that systems perform their functions as intended and are free from error, delay, omission, and unauthorized or inadvertent manipulation. This means that data processing operations work as they should and are authorized, complete, and accurate.
- Confidentiality. This category addresses the company’s ability to protect data that should be restricted to a specified set of persons or organizations. This includes client data intended only for company personnel, confidential company information such as business plans or intellectual property, or any other information required to be protected by law, regulations, contracts, or agreements.
- Privacy. This speaks to an organization’s ability to safeguard personally identifiable information (PII) such as name, Social Security number, address, race, ethnicity, or health information from unauthorized access.
MoneyThumb's SOC 2 compliance was certified by a technical audit by a third party. The certification process included verification of the following:
- Our organization has an established process that guarantees oversight across the company, particularly as it relates to monitoring for any unusual, unauthorized, or suspicious activity.
- Our company receives alerts immediately whenever unauthorized access to customer data occurs.
- Our company has detailed audit trails to give you the insight you need to effectively conduct security operations and allow for rapid and accurate responses.
- Our organization has visibility at the most detailed level including user activity, processes, network connections, and more.
SOC compliance is a framework that applies to technology or Software-as-a-Service (SaaS) companies that store customer data in the cloud, which explains why it was so important to MoneyThumb that we become SOC 2 compliant. SOC requires the highest levels of data security and requires that companies have controls and practices in place to ensure customer data is safe and secure. Now that MoneyThumb is SOC 2 compliant, you can rest assured that your data is secured at the highest possible level.
Why is SOC 2 Compliance So Important?
Compliance with SOC 2 requirements indicates that our organization maintains a high level of information security. Strict compliance requirements (tested through on-site audits) can help ensure sensitive information is handled responsibly.
Complying with SOC 2 provides:
- Improved information security practices – via SOC 2 guidelines, our organization can better defend itself against cyber attacks and prevent breaches.
- A competitive advantage – because customers prefer to work with service providers that can prove they have solid information security practices, especially for IT and cloud services.
SOC 2 Security Criterion: a 4-Step Checklist
Security is the basis of SOC 2 compliance and is a broad standard common to all five Trust Service Criteria.
SOC 2 security principles focus on preventing the unauthorized use of assets and data handled by the organization. This principle requires organizations to implement access controls to prevent malicious attacks, unauthorized deletion of data, misuse, unauthorized alteration, or disclosure of company information.
Here is a basic SOC 2 compliance checklist, which includes controls covering safety standards:
- Access controls—logical and physical restrictions on assets to prevent access by unauthorized personnel.
- Change management—a controlled process for managing changes to IT systems, and methods for preventing unauthorized changes.
- System operations—controls that can monitor ongoing operations, detect and resolve any deviations from organizational procedures.
- Mitigating risk—methods and activities that allow the organization to identify risks, as well as respond to and mitigate them while addressing any subsequent business.
How SOC 2 Compliance Protects our Customers
Keep in mind that SOC 2 criteria do not prescribe exactly what an organization should do—they are open to interpretation. Companies are responsible for selecting and implementing control measures that cover each principle.
By being SOC 2 compliant, MoneyThumb can now do business with banks that require SOC 2 compliance, enabling us to serve more bank clients across the US and beyond.
Our product, PDF Insights with Thumbprint, has top-of-the-line data security, and with MoneyThumb's SOC 2 certification, clients have further assurance that their data is secured using the strictest measures. The fact is that 2% of all loan applications contain fraudulent data and could cost your business hundreds of thousands of dollars. Thumbprint’s advanced AI file tampering detection algorithms and arithmetic checks identify suspicious documents and missing pages instantly.