Third Party Audits and Certifications

Third Party Validation

Vendor management and due diligence are best practices for all organizations, particularly financial firms and other highly regulated organizations. To assist customers with this process, we engage third party auditors to conduct regular testing on our services, internal controls, and data centers. We make the resulting reports available to customers on request.

SOC 2

SOC 2 audits test and report on the design and operating effectiveness of non-financial internal controls at cloud vendors. These audits are based on Trust Service Principles that cover policies, communications, procedures, and monitoring.

ISO 27001

ISO 27001 is an internationally recognized, standards-based approach to security. It outlines requirements for a company’s Information Security Management System (ISMS).

SIG Questionnaire

The Standardized Information Gathering (SIG) Questionnaire is a compilation of information technology and data security questions. It brings a range of control areas together into one industry-standard questionnaire. The SIG is issued by Shared Assessments, a global organization dedicated to third party risk assurance.

Independent Penetration Testing

An independent auditor completes periodic security penetration testing (“ethical hacking”) with respect to our key internet-facing systems and applications, and provides us with formal reports of the penetration test results. This testing simulates access attempts by unauthenticated individuals to identify, validate, and attempt to exploit vulnerabilities that might be used by attack agents (e.g. malicious persons on the internet and cyber criminal organizations).