WAKEFIELD, Mass., April 1, 2020 /PRNewswire/ -- Vestmark announces that it has successfully completed two versions of the Statement on Standards for Attestation Engagement No. 18 (SSAE 18) Type II examination, which test an organization's controls and processes related to data security and accounting.
The SSAE 18 Type II exam, also known as Service Organization Control (SOC) 1 Type II, and the SOC 2 Type II audit, were conducted on both Vestmark's software-as-a-service (SaaS) platform, VestmarkONE®, and its outsourced service offering. The audits were performed by the assurance solutions and compliance firm Skoda Minotti for the fifth consecutive year. As a result of these audits, Vestmark received Service Auditors' Reports demonstrating its procedures, controls, and infrastructure met or exceeded the SOC 1 and 2 criteria for data protection, confidentiality, security, and operational efficiency.
"It is vital that our customers have peace of mind that the confidential information they entrust to us is fully protected," said Charles D. Johnson, Chief Information Officer of Vestmark. "Vestmark is committed to continuously focusing on this area as a firm, and we continue to expand the complexity of the audits we undertake in order to ensure our internal controls and procedures remain on the cutting edge."
SOC 1 and SOC 2 are internationally recognized auditing standards developed by the American Institute of Certified Public Accountants (AICPA). The SOC 1 examination for a SaaS platform validates the data integrity of the system for user organizations. This provides clients with the confidence that their data is secure and accurate. The scope of the review includes controls and procedures related to the secure storage, handling, software development, change management, and transmission of data. Vestmark's audited functions included network connectivity, firewall configuration, disaster recovery, database access, data backup, and fire suppression.
The SOC 2 examination focuses on controls and procedures related to compliance and operations, in accordance with the AICPA's Trust Services criteria. The AICPA Trust Services criteria serve as an industry standard in data security, which validates that Vestmark has a vested interest in maintaining world-class information security.
"Since Vestmark first sought us out to perform these rigorous SOC examinations five years ago, we have been consistently impressed with the firm's best-in-class technology and business infrastructure," said Ben Osbrach, CISSP, CISA, QSA, Partner-in-Charge of the Risk Advisory Group at Skoda Minotti. "With SaaS platforms and business outsourcing services becoming more commonplace in financial services and other industries, it is crucial for organizations like Vestmark to demonstrate they have strong accounting controls as well as the capabilities to safeguard confidential data. Vestmark continues to maintain one of the most robust data security programs in the industry, supported by excellent operational controls."
SOC reports have become increasingly vital under Sarbanes-Oxley regulations, which require companies to ensure their third-party service providers have adequate internal data security and accounting controls. Vestmark customers can use the firm's Service Auditor Reports to demonstrate Sarbanes-Oxley compliance, as well as compliance with Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and ISO 27001 regulations.
