April 2024
What is SOC 2 Type II & Why is it important?
SOC 2 Type II or Service Organization Controls 2 is a framework that is governed by the American Institute of Certified Public Accountants (AICPA). With a SOC 2 Type II audit, an independent service auditor will review an organization’s policies, procedures, and evidence to determine if their controls are designed and operating effectively. A SOC 2 Type II report communicates a company’s commitment to data security and protection of customer information.
Improving your security posture
By undergoing a SOC 2 Type II audit, our controls and processes were validated by a third-party who attests to the functioning of the controls relevant to our application. SOC 2 Type II compliance exemplifies an organization’s commitment to their customer’s trust and is a major milestone towards improving their overall security posture. With increasing cybersecurity threats and data breaches, it is paramount that organizations prioritize information security and the protection of their systems and data.
Why we pursued SOC 2 Type II now
Successfully completing the SOC 2 Type II assessment underscores Linker Finance's commitment to transparency and trust. It confirms stakeholders that Linker Finance strictly upholds demanding security standards, safeguarding customers' sensitive data through comprehensive company-wide controls. In an environment marked by continual data privacy and security challenges, our SOC2 Type II, assessment stands as evidence of Linker Finance's readiness to combat present and future challenges, offering customers peace of mind and confidence in our services.
Linker’s journey to SOC 2 Type II compliance
Compliance Partners
• Vanta
We partnered with Vanta, the leader in the Trust Management space, to help us automate the collection of our audit evidence. Vanta provides us with the strongest security foundation to protect our customer data.
• Advantage Partners
Our audit firm, Advantage Partners, was extremely helpful in creating a seamless audit experience. With their guidance and support, we were able to achieve SOC 2 Type II compliance in a swift, efficient manner.
Process
While SOC 2 Type II can be a big undertaking, our compliance partners streamlined the process. We leveraged Vanta to integrate our key systems and guide us in implementing policies and procedures to quickly become audit ready. Vanta gave us the direction we needed to pursue our compliance journey. Advantage Partners then confirmed our audit readiness and we kicked off our Type II audit. For the audit, Advantage evaluated the controls we have in place and opined on their state. Shortly after our audit window ended, Advantage Partners drafted and issued our report.
Timeline
One key takeaway is understanding that improving our security posture and achieving compliance is a monumental task. This can be made easier with the right compliance partners but it will take dedicated focus and time from your organization. The readiness period can take the most time but we were able to make compliance a priority to get audit ready in a matter of weeks versus months. We also found it important to review the audit timeline with Advantage Partners, set an ideal audit date, and then work backwards to be ready in time. However, now that controls are implemented and security is a priority for our team, subsequent SOC 2 audits will be even more seamless.
• December 2023 - PCI Compliant Certification
• January 2024 - SOC 2 Type I Compliant
• April 2024 - SOC 2 Type II Compliant
