SOC 2 Compliance & Certification

FinFit’s annual SOC 2 report provides an independent 3rd party review of security & confidentiality controls and operational effectiveness of those controls, according to standards of the American Institute of Certified Public Accountants (AICPA).

What is SOC 2 Type II compliance?

FinFit’s SOC 2 Type II report covers industry best practices for security and confidentiality including:
  • Senior Management’s continuous review and awareness of information security
  • Periodic risk assessments and continuous vulnerability scans
  • Review of subservice organizations’ 3rd party security audits
  • Mandatory employee security training and security policy awareness
  • Comprehensive Two Factor Authentication (2FA), monitoring, patching, logging, anti-malware, backups, disaster recovery, and network security
  • Firewalls, security appliances, encryption, data leakage prevention and role-based access controls safeguarding data
  • Advanced application penetration testing
  • Rigorous change control governance with formal deployment processes
  • Over 160 industry best practice controls audited by credentialed 3rd party security experts

Why is SOC 2 certification important?

SOC 2 Type II reports are an internationally recognized standard for assessing information technology security. The recurring SOC 2 audits ensure that FinFit’s security practices are consistently reviewed by experts and improved to meet a rigorous standard. Organizations should request proof of a SOC 2 Type II report, an ISO 27001 certificate, or another industry-standard security framework attestation before sharing data with 3rd parties. The absence of 3rd party security audits or certifications implies that an organization is self-monitoring and that its security practices can vary widely.

How often is FinFit audited/evaluated?

Audits are performed annually.