Wealthica, the leading Financial Data Platform in Canada, announces the successful completion of the audit to obtain the System and Organization Controls (SOC) 2 Type II certification.
A SOC 2 Type II certification is an audit performed by an independent auditor that confirms that Wealthica’s internal controls are effective for protecting customer information.
A SOC 2 audit is conducted to validate the internal controls related to one or more Trust Service Criteria (TSC). These criteria are Security, Availability, Processing Integrity, Confidentiality, and Privacy as defined by the American Institute of Certified Public Accountants (AICPA). More than only an audit on the internal controls design and implementation, the SOC 2 Type 2 also audits the effectiveness of controls over a set period.
Wealthica’s internal controls are built on the best industry practices to align those to the SOC 2 criteria objectives and requirements which are specifically designed for service providers. This allows Wealthica to have the proper governance, controls, procedures, and safeguards in place to protect customer data from cyber attacks.
Wealthica focused on the TSC for Security and Availability for the SOC 2 audit. As a Software as a Service (SaaS) platform, not only does Wealthica focus on security, but also availability, particularly since API and whitelabel clients rely on the platform for their firm.
“We’re extremely proud to announce SOC 2 Type II certification, ” said Simon Boulet, CEO of Wealthica. “Keeping user data safe is our top priority and today’s announcement reiterates our commitment to the highest level of compliance and protection using the latest technology”, he added.
Security and privacy are the top priorities for Wealthica. Wealthica is committed to upholding the highest level of protection for user data by monitoring and running daily vulnerability scans on the website and apps to ensure continuous security. A penetration test is also performed regularly by an external firm. SOC 2 certification ensures that user data is protected at all times with the implementation of efficient internal controls.
The report is available for clients upon request.