We are excited to announce that PortX has officially secured its SOC 2 Type 2 certification. This achievement builds upon the foundation set by ModusBox (PortX spun out of ModusBox in 2022), which earned the SOC 2 Type 1 certification. Here, we’ll cover the significance of this credential, how it impacts our customers, and the industry standards we’re pursuing next.
What is SOC 2, and how do the types differ?
Service Organization Control (SOC) 2 is a comprehensive auditing procedure designed by the American Institute of CPAs (AICPA). It focuses on ensuring that service providers like PortX handle customer data with the utmost care and meet stringent guidelines.
Type 1
A SOC 2 Type 1 report assesses the design of a service organization’s controls at a specific point in time. Essentially, it’s about the commitment a company makes – that their systems, processes, and policies are designed correctly.
Type 2
On the other hand, a SOC 2 Type 2 report delves deeper. It examines the operational effectiveness of these controls over a minimum six-month period. This certification signifies that not only are the systems well-designed, but they also work efficiently and effectively over time.
PortX’s journey to SOC 2 Type 2
Achieving SOC 2 Type 2 certification is a testament to our commitment to rigorous security and operational standards. The SOC 2 framework provides a comprehensive audit blueprint, setting out detailed security measures ranging from password complexities to mandatory installations of password managers on our team members’ laptops. We executed key processes and made critical decisions to earn this milestone, including implementing an audit tool (Vanta) to constantly monitor compliance, hiring skilled resources, and diligently enforcing several controls and processes.
A significant development over the past year was the release of Integration Manager 2.0, which allowed us to reimagine our security holistically and implement a Role-Based Access Control (RBAC) platform fully integrated with Integration Manager’s entirely redesigned customer authentication platform. This step ensures employees have real-time access precisely aligned with their roles and projects. This feature not only enhanced our client’s security measures but also made obtaining SOC 2 Type 2 certification easier for our security team.
Why is this important to PortX Customers?
Obtaining a SOC 2 Type 2 audit report is not just an internal milestone for PortX—it directly benefits our customers.
1. Benefits for FIs and Fintechs
- Ease in Security and Compliance Checks – This certification is a testament to our robust security infrastructure, which, in turn, aids FIs and Fintechs in meeting their compliance standards.
- Streamlined Auditing – With PortX’s certification, FIs are ensured a smoother auditing process, saving time and resources.
2. Benefits for our PortX Platform Customers
- Shared Responsibility – By being SOC 2 Type 2 certified, PortX takes on a significant share of compliance responsibilities. While we handle the heavy lifting, our platform customers can focus on optimizing their operations.
- Ensuring API Compliance – Our commitment is not just about safeguarding data. It also ensures that the APIs we provide to our customers remain compliant with industry standards.
What’s coming up for PortX?
Our achievement with SOC 2 Type 2 demonstrates our dedication to financial services security, but we are always looking forward, striving for higher benchmarks. Our next endeavors are to broaden our SOC 2 Type 2, achieve ISO27001, CSA STAR, and embrace the Financial-grade API (FAPI) security protocol. With plans to integrate the FAPI protocol by the end of 2023, we are set to enhance our security framework further and showcase our commitment to staying ahead of industry advancements.
Looking ahead, we’re energized by the new challenges and opportunities on the horizon, and we’re committed to navigating them side by side with our customers. We would love to hear from you. If you would like to learn more about the significance of SOC 2 Type 2 or our future plans, don’t hesitate to start a conversation with our team today.
