SOC 2 Compliance & Certification

FinFit’s annual SOC 2 report provides an independent 3rd party review of security & confidentiality controls and operational effectiveness of those controls, according to standards of the American Institute of Certified Public Accountants (AICPA).

What is a SOC 2 Type II Compliance?

FinFit’s SOC 2 Type II report covers industry best practices for security and confidentiality including:

Senior Management’s continuous review and awareness of information security
Periodic risk assessments and continuous vulnerability scans
Review of subservice organizations’ 3rd party security audits
Mandatory employee security training and security policy awareness
Comprehensive Two Factor Authentication (2FA), monitoring, patching, logging, anti-malware, backups, disaster recovery, and network security
Firewalls, security appliances, encryption, data leakage prevention and role-based access controls safeguarding data
Advanced application penetration testing
Rigorous change control governance with formal deployment processes
Over 160 industry best practice controls audited by credentialed 3rd party security experts

Why is SOC 2 certification important?

SOC 2 Type II reports are an internationally recognized standard for assessing information technology security. The recurring SOC 2 audits ensure that FinFit’s security practices are consistently reviewed by experts and improved to meet a rigorous standard. Organizations should request proof of SOC 2 Type II reports, ISO 27001 certificates, or other industry-standard security framework before sharing data with 3rd parties. The absence of 3rd party security audits/certifications implies that an organization is self-monitoring and security practices can vary widely.

How often is FinFit audited/evaluated?

Audits are performed annually.

FinFit Loans are issued by Celtic Bank, a Utah-Chartered Industrial Bank, Member FDIC. Loans subject to credit approval. Residents of Colorado, Connecticut, Iowa, Vermont, West Virginia, Nevada and Massachusetts are not eligible for loans. Nothing in this advertisement constitutes an offer or solicitation for loan products to residents of those states. Actual time it takes for loan approval dependent upon loan verification set up with your employer.

Funding time dependent upon funding method selected. Expedited funding may incur additional fees.

Student loan services are provided by unaffiliated third parties. FinFit loans issued by Celtic Bank do not include student loans.

Wage Now is fully funded and managed by an affiliate of FinFit. If any fees apply, those fees will be disclosed prior to entering into any agreements.
Residents of California, New York, North Dakota, South Dakota, Tennessee and Vermont are not eligible for WageNow. This does not constitute an offer or solicitation for WageNow to residents of those states.

FinFit’s Financial Wellness Program, which includes educational content, a financial assessment and a financial dashboard, are free to registered members.
Services offered may incur fees and/or interest. All fees will be disclosed prior to entering into any agreements.
Products listed are a representation of FinFit offerings. Actual availability may vary. The products available to you and your organization will appear on your FinFit membership dashboard. Actual loan amounts and rates offered vary based on lender, credit worthiness and other factors.