SOC 2 Compliance & Certification
FinFit’s annual SOC 2 report provides an independent 3rd party review of security & confidentiality controls and operational effectiveness of those controls, according to standards of the American Institute of Certified Public Accountants (AICPA).
What is a SOC 2 Type II Compliance?
FinFit’s SOC 2 Type II report covers industry best practices for security and confidentiality including:
Why is SOC 2 certification important?
SOC 2 Type II reports are an internationally recognized standard for assessing information technology security. The recurring SOC 2 audits ensure that FinFit’s security practices are consistently reviewed by experts and improved to meet a rigorous standard. Organizations should request proof of SOC 2 Type II reports, ISO 27001 certificates, or other industry-standard security framework before sharing data with 3rd parties. The absence of 3rd party security audits/certifications implies that an organization is self-monitoring and security practices can vary widely.
How often is FinFit audited/evaluated?
Audits are performed annually.