In an effort to show its finance company clients the caliber of available service, skip-tracing provider Secure Collateral Management (SCM) recently announced the successful completion of the SOC2 Type II audit earlier this month.
The Service Organization Control (SOC) 2 Type II examination demonstrates that an independent accounting and auditing firm has reviewed and examined an organization’s control objectives and activities, and tested those controls to ensure that they are operating effectively. This year, SCM upgraded that certification to include all five disciplines, which are:
• Security: SCM's systems are protected both physically and logically from unauthorized access.
• Availability: SCM's systems are designed to be available for operation according to agreements.
• Processing integrity: System processing is accurate, complete, timely and authorized.
• Confidentiality: Information designated as “confidential” is protected according to existing agreements.
The company highlighted that SCM and all affiliated recovery agents are fully licensed and insured as required by each state.
SCM principal Jim Farley emphasized that the company takes security seriously with controlled access buildings, fully encrypted data transfers and multiple levels of data access controls in place to protect personal data.
“Everyone in the industry talks about having compliance, but without every process, procedure and system being independently audited and certified, how can you be sure of it? That is the question we asked ourselves in 2014 prior to completing our first SOC2 Type II audit in just two of the disciplines,” Farley said in a statement sent to SubPrime Auto Finance News.
“Secure Collateral Management has constantly been an industry leader in performance and compliance. That is why in 2017, we decided to take on the monumental task of passing the SOC2 Type II in all five disciplines,” he continued.
“Talking compliance is a good start, but obtaining all five SOC2 Type II discipline certifications combined with independent vulnerability and penetration testing of our network, website and phone systems as well as having independently audited and certified financial statements is real compliance that our clients deserve,” Farley went on to say.
There are two types of SOC 2 reports: Type I and Type II.
The Type II report is issued to organizations that have audited controls in place and the effectiveness of the controls have been audited over a specified period of time. Type II Certification consists of a thorough examination by a third party firm of an organization’s internal control policies and practices over a specified period of time. The period of time is typically six months to one year. This independent review ensures that the organization meets the stringent requirements set forth by the AICPA and CICA.
“When trusting an application with highly sensitive and confidential information, such as passwords, documents and secure images, obtaining high level certification is imperative,” SCM said.
SCM also mentioned that it employs fully redundant data sources and systems to protect data and ensure the least amount of downtime in a disaster. The company added that having account information available to clients and agents 24/7 without interruption is a priority.
“Keeping our network secure is a top priority at Secure Collateral Management,” the company said. “In addition to third party annual network penetration testing and certification, Secure Collateral Management also performs quarterly in-house penetration tests to ensure local network security.”