VoPay Completes SOC 2 Compliance (Type 1)

Posted on February 13, 2023

A staggering 77% of IT decision-makers in the United States and Canada believe their companies will experience a data breach within the next three years. No doubt, data breaches are a top concern for every industry leader. 

As part of our commitment to delivering the highest level of compliance, security, and oversight to our clients, we are proud to announce the completion of our SOC 2 Type 1 attestation.

Our clients, partners and associates put their trust in us, and we take that responsibility seriously. Our goal at VoPay is to ensure each and every client can safely and securely access our full suite of products and services confidently, with the assurance every end-user receives the best possible secure experience. 

And that is why the SOC 2 Type 1 audit was a critical step in our journey forward.

"Working towards being SOC2 compliant did not just help us create or improve our policies; it also helped make our systems better and our company stronger. It created a purpose on another level where everyone participated in working to achieve this goal and built a compliance culture among all employees where everyone embraced the ownership."

Hamed Arbabi, VoPay CEO

What is SOC 2 Type 1?

SOC 2 Type 1 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), that specifies how organizations should manage customer data.

The American Institute of Certified Public Accountants (AICPA) developed SOC 2 around five Trust Services Criteria:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

SOC stands for Service and Organization Controls. A SOC 2 is a System and Organization Control 2 report in which an auditor reviews a company’s controls and whether they are designed appropriately and operate effectively. After a thorough review of systems and over 100 controls, the auditor (a CPA firm) issues a report showing a company has adequate controls governing information security in its environment.

Note: The SOC 2 audit is a process in which a CPA firm assesses the risks associated with using service organizations and other third parties. 

Data Breaches To Watch For 

Microsoft, News Corp, and Red Cross made the top ten list, and not in a good way. These organizations had some of the most significant data breaches in 2022. In January this year, T-Mobile’s data breach impacted 37 million customers.

There are various ways these data breaches can happen; for this one specifically, a “bad actor” manipulated one of the company's application programming interfaces (APIs) to steal customers' names, email addresses, phone numbers, billing addresses, dates of birth, account numbers, and service plan details.

System Failure - Includes incidents like DDoS attacks or hackers accessing your network and deleting critical files or adding malicious code that causes the system to fail. In the news and online, it’s often referred to as an “unintentional or unplanned outage” on a network.

Security of PII (Personally Identifiable Information) - This type of data breach typically happens when sensitive data is stolen, such as birthdate, home address and social security number. We hear about this often in the news when credit card information is stolen, and at work, you hear employers warning about being extra careful with work computers because they are nervous about PII security.

Cyberattacks via:

  • Malware-based attacks (Ransomware, Trojans, etc.)
  • Denial of Service attacks (DoS and DDoS)
  • Drive-by download attacks
  • Session hijacking
  • URL manipulation

How The SOC2 Process Works

It is a rigorous process. The goal is to prevent the unauthorized use of data and assets. This primary goal means that companies like VoPay must PREVENT disclosure of company information, unauthorized misuse and deletion of data and malicious attacks. 

An auditor from a CPA firm goes into a business and goes through these four points, according to Check Point:

  1. Access controls—logical and physical restrictions on assets to prevent access by unauthorized personnel.
  2. Change management—a controlled process for managing IT systems changes and methods for preventing unauthorized changes.
  3. System operations—controls that can monitor ongoing operations, detect and resolve any deviations from organizational procedures.
  4. Mitigating risk—methods and activities that allow the organization to identify risks and respond and mitigate them while addressing any subsequent business.

Data Security Is Vital. How SOC2 Helps

To fully grasp why SOC2 compliance is essential, you don’t have to look very far for data breaches exploding in the news. With a compliance management market projected to reach $74.8 billion by 2028, finding the right partner is crucial to push the initiative forward. 

“A strong security compliance program is essential in a company’s ability to scale,” said Adam Markowitz, Co-Founder and CEO of Drata. “With Drata’s automation-led approach, VoPay is able to continuously maintain that compliance without sacrificing its focus on critical business initiatives.”

As one of the market's most reputable and fast-growing security and compliance software solutions, we were proud to have Drata by our side throughout the process. 

Knowing that a data breach can mean lost revenue, loss of customer trust and a significant stain on reputation, our organization wanted to take every opportunity to protect our clientele.

Learn More about VoPay’s SOC 2 Compliance

If you have any questions at all about VoPay’s SOC 2 Type 1 Report, please reach out and contact us. Here at VoPay, we know how important security and compliance are for clients and Fintech currently and for the future. 
