Sumsub
The Sumsuber

2022-07-04

Sumsub receives a SOC 2 Type 1 report to reinforce its commitment to information security and privacy

Sumsub is proud to announce our successful completion of the SOC 2 Type 1 examination, resulting in a CPA’s report.

This completion demonstrates that we’ve maintained effective controls over the security of our identity orchestration platform. The engagements were performed by independent auditor BARR Advisory, P.A.

The System and Organization Controls 2 audit, or simply SOC 2, verifies whether service providers, such as Sumsub, have sufficient security guidelines that are properly implemented. While SOC 2 isn’t a requirement, it yields various benefits: service providers considerably strengthen their reputation for information security, while clients save time and money on auditing. 

There are two types of SOC 2 reports. The SOC 2 Type 1 report assesses the design of security processes at a specific point in time, while the SOC 2 Type 2 report assesses the effectiveness of those controls over time (e.g., 3 months or 1 year). 

SOC 2 Type 1, a widely recognized auditing standard, is designed to give the examined companies assurance that the measures they take to process customer information are effective. The American Institute of Certified Public Accountants (AICPA) has developed a list of principles and related criteria to undertake the examination: 

  • security;
  • availability;
  • processing integrity;
  • confidentiality;
  • privacy;
  • HIPAA Security Rule Requirements.

Sumsub complies with the SOC 2 security principle, which means that information is protected throughout the entire user lifecycle following a risk-based approach. This implies the presence of proper security controls that protect against unauthorized access to, disclosure of, or damage to information.

“The successful completion of the SOC 2 Type 1 examination clearly indicates that Sumsub has the appropriate controls in place to mitigate risks related to data security and privacy,” said Andrew Sever, Co-founder and CEO of Sumsub. “This certification reinforces our ongoing commitment to provide our customers with the highest level of information security as well as our continuous investment in the protection of our clients’ data.”

When choosing a service provider, businesses have to ensure that shared data won’t be compromised. Instead of manually auditing every possible provider, companies can extract this information from an independent SOC 2 Type 1 examination. 

Current or prospective Sumsub customers interested in a copy of our SOC 2 Type 1 report may contact our sales team via email [email protected]
