SOC 2 Compliance & Certification

SOC 2 Compliance & Certification

FinFit’s annual SOC 2 report provides an independent 3rd party review of security & confidentiality controls and operational effectiveness of those controls, according to standards of the American Institute of Certified Public Accountants (AICPA).

What is a SOC 2 Type II Compliance?

FinFit’s SOC 2 Type II report covers industry best practices for security and confidentiality including:
  • Senior Management’s continuous review and awareness of information security
  • Periodic risk assessments and continuous vulnerability scans
  • Review of subservice organizations’ 3rd party security audits
  • Mandatory employee security training and security policy awareness
  • Comprehensive Two Factor Authentication (2FA), monitoring, patching, logging, anti-malware, backups, disaster recovery, and network security
  • Firewalls, security appliances, encryption, data leakage prevention and role-based access controls safeguarding data
  • Advanced application penetration testing
  • Rigorous change control governance with formal deployment processes
  • Over 160 industry best practice controls audited by credentialed 3rd party security experts

Why is SOC 2 certification important?

SOC 2 Type II reports are an internationally recognized standard for assessing information technology security. The recurring SOC 2 audits ensure that FinFit’s security practices are consistently reviewed by experts and improved to meet a rigorous standard. Organizations should request proof of SOC 2 Type II reports, ISO 27001 certificates, or other industry-standard security framework before sharing data with 3rd parties. The absence of 3rd party security audits/certifications implies that an organization is self-monitoring and security practices can vary widely.

How often is FinFit audited/evaluated?

Audits are performed annually.

© Copyright . All rights reserved.

Loans are made by Celtic Bank, a Utah-Chartered Industrial Bank, Member FDIC. Loans subject to credit approval. Loan products, features, and service providers vary by state. Service providers are FinFit Ops, LLC (see licenses) or its affiliate, Salary Finance, Inc. (see licenses). See application terms and loan agreements for more details.

Funding time dependent upon funding method selected. Expedited funding may incur additional fees.

FinFit is a financial technology company and is not a bank. Banking services provided by Choice Financial Group; Member FDIC.

Student loan services are provided by unaffiliated third parties. FinFit loans issued by Celtic Bank do not include student loans.

Wage Now is fully funded and managed by an affiliate of FinFit. If any fees apply, those fees will be disclosed prior to entering into any agreements.
Residents of California, New York, North Dakota, South Dakota, Tennessee and Vermont are not eligible for WageNow. This does not constitute an offer or solicitation for WageNow to residents of those states.

FinFit’s Financial Wellness Program, which includes educational content, a financial assessment and a financial dashboard, are free to registered members.
Services offered may incur fees and/or interest. All fees will be disclosed prior to entering into any agreements.
Products listed are a representation of FinFit offerings. Actual availability may vary. The products available to you and your organization will appear on your FinFit membership dashboard. Actual loan amounts and rates offered vary based on lender, credit worthiness and other factors.

Privacy Notice (Sp) | FinFit Privacy Policy (Sp) | Licenses | *US Patriot Act | Website Terms & Conditions | Member Rewards Terms & Conditions
SC Consumer Rights & Responsibilities | NM Small Loan Consumer Brochure | NM Loan Rate & Fee Disclosure | Additional Information for NM Residents