Being in the fintech/financial industry, keeping your data safe, private, and compliant with relevant regulatory requirements is important to LSQ. While U.S. banks follow the Federal Financial Institutions Examination Council (FFIEC) recommendations for Authentication and Access to Financial Institution Services and Systems guidance for cybersecurity and data protection, non-bank financial institutions are largely left without regulated standards.
System and Organization Controls (SOC) reporting is a voluntary attestation framework for service organizations, developed by the American Institute of CPAs (AICPA), that specifies how an organization should manage customer data. The SOC 2 report is the one most relevant to data security; it is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. The third-party attestation validates the organization's description of its system, the suitability of the design of its controls, and (in a Type II report) the operating effectiveness of those controls over a period of time.
What is SOC 2?
SOC 2 is a voluntary attestation standard for service organizations based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. It is intended to ensure the protection of customers' data. A SOC 2 report is tailored to the unique needs of each organization: depending on its specific business practices, each organization can design controls that address one or more of the five criteria (security is always required). SOC 2 does not tell you "how" to meet these criteria; it states the criteria that must be met and leaves the choice of controls to the organization, which is why the scope and the specific controls tested should be read in the report itself rather than assumed from the label "SOC 2."
How is SOC 2 Certification Done?
SOC 2 examinations are performed by an independent third-party auditing firm; only a licensed CPA firm can issue a SOC 2 report. The auditors examine your policies, processes, and controls and attest to whether they satisfy the SOC 2 criteria in scope. The result is an attestation report rather than a certificate. There are two types of SOC 2 reports:
- Type I: Describes the organization's system and whether the design of its controls is suitable to meet the relevant trust criteria as of a single point in time.
- Type II: Covers the same description and design, and additionally tests whether the controls operated effectively over a review period (commonly six to twelve months). A Type II report is the stronger evidence because it shows the controls actually working, not just that they were designed.
LSQ's technology and practices are examined by independent third-party auditors to help you keep your data properly governed and compliant.
LSQ has been SOC 1 compliant for years, what is the difference between SOC 1 and SOC 2?
A SOC 1 report covers the controls at a service organization that are relevant to its customers' internal control over financial reporting, for example where the service processes, transmits, or stores data that feeds a customer's financial statements. A SOC 1 report helps management, investors, auditors, and customers evaluate those controls within guidelines laid out by the AICPA.
The difference between SOC 1 and SOC 2 is that SOC 1 focuses on controls relevant to financial reporting, whereas SOC 2 focuses on security and operations from a broader perspective and is inclusive of all customer data, not just financial data.
The successful completion of the third-party attestation demonstrates LSQ’s continued commitment to deliver high-quality services to its clients and partners by implementing best practices in data privacy and security.
“The threats to IT environments have never been greater,” said Steve Piubeni, LSQ’s Director of Compliance. “Businesses have an obligation to vet their vendors to ensure they meet specific standards; in fact, it’s a regulatory requirement for many companies. By completing our SOC 2 examination, we provide those companies with assurance that we are compliant with these rigorous standards.”
According to LSQ Director of Information Security Danny Wall, the completion of SOC 2 will allow companies to begin accessing LSQ’s working capital finance and payments platform much quicker.
"Our process (to onboard clients onto LSQ FastTrack®) has always been efficient," said Wall. "A large part of the implementation time has been the client going through the process of verifying IT security and privacy within LSQ and the platform. Now, with SOC 2, customers can expedite that process and start realizing the value of the solution faster."
To learn more about FastTrack's built-in security capabilities and LSQ's commitment to data privacy, visit our security and compliance page.