Linker News

BLOG
Linker in now SOC 2 Compliant header
What is SOC 2 & Why is it important?

SOC 2 or Service Organization Controls 2 is a framework that is governed by the American Institute of Certified Public Accountants (AICPA). With a SOC 2 audit, an independent service auditor will review an organization’s policies, procedures, and evidence to determine if their controls are designed and operating effectively. A SOC 2 report communicates a company’s commitment to data security and protection of customer information.

Improving your security posture
SOC 2 compliance exemplifies an organization’s commitment to their customer’s trust and is a major milestone towards improving their overall security posture. With increasing cybersecurity threats and data breaches, it is paramount that organizations prioritize information security and the protection of their systems and data. By undergoing a SOC 2 audit, our controls and processes were validated by a third-party who attests to the functioning of the controls relevant to our application.

Why we pursued SOC 2 now

Achieving SOC 2 compliance is a crucial testament to our organization's commitment to building and maintaining trust among customers, stakeholders, and other interested parties. Recognizing the evolving needs of our clients and the importance of safeguarding data from potential security risks, we embarked on this journey to implement robust security controls.

In January of this year, Linker Finance successfully obtained SOC 2 Type 1 certification, marking a significant achievement. Currently, we are diligently working towards achieving Type 2 compliance in the coming months. As a digital banking platform catering to community banks, security is of vital importance in the financial sector. Our pursuit of SOC 2 compliance reflects our unwavering dedication to delivering a secure and trustworthy platform. This accomplishment is a clear demonstration of our ongoing efforts to enhance our security posture, reinforcing our commitment to earning and maintaining the trust of our valued clients. Moving forward, we are proud to announce our commitment to annual SOC 2 renewals, ensuring that we consistently uphold the highest standards of security and data protection.

Linker Finance’s journey to SOC 2 compliance

Compliance Partners
• Vanta
We partnered with Vanta, the leader in the Trust Management space, to help us automate the collection of our audit evidence. Vanta provides us with the strongest security foundation to protect our customer data.

• Advantage Partners
Our audit firm, Advantage Partners, was extremely helpful in creating a seamless audit experience. With their guidance and support, we were able to achieve SOC 2 compliance in a swift, efficient manner.

Process
While SOC 2 can be a big undertaking, our compliance partners streamlined the process. We leveraged Vanta to integrate our key systems and guide us in implementing policies and procedures to quickly become audit ready. Vanta gave us the direction we needed to pursue our compliance journey.

Advantage Partners then confirmed our audit readiness and we kicked off our Type I audit. For the audit, Advantage evaluated the controls we have in place and opined on their state. Shortly after our audit window ended, Advantage Partners drafted and issued our report.

Timeline
One key takeaway is understanding that improving our security posture and achieving compliance is a monumental task. This can be made easier with the right compliance partners but it will take dedicated focus and time from your organization. The readiness period can take the most time but we were able to make compliance a priority to get audit ready in a matter of weeks versus months.

We also found it important to review the audit timeline with Advantage Partners, set an ideal audit date, and then work backwards to be ready in time. However, now that controls are implemented and security is a priority for our team, subsequent SOC 2 audits will be even more seamless.

Lessons we learned

• Focus on improving security posture, not checking boxes
Key points:
- Compliance is not one size fits all.
- Security is a continuous project that should be prioritized in an organization.

• Knowing your stakeholders in the compliance process
Key points:
- Deciding which internal stakeholders are needed for policies, procedures, and engineering tasks.
- Your entire organization will be involved in improving security and adhering to procedures.

• The right partners are key
Key points:
- Finding a tool to guide you through the process.
- Partnering with an audit firm that is dedicated to your success.