We’re proud to announce that, as of September 2020, Cloudvirga has earned year 2 compliance through surveillance for SOC-2 and ISO / IEC 27001.
Together, these certifications provide external validation that the customer data in our system is secure and protected from a variety of risks and that we’re taking steps on an ongoing basis to keep it that way. The result: lenders using Cloudvirga’s platform can rest assured that their customers’ information is securely and compliantly protected.
Here, we’ll present an overview of these two security certifications: what they are, what it means to be certified, and how they benefit our customers and their borrowers.
What is SOC-2 Certification?
Service Organization Controls 2 (SOC-2) certification is an internationally recognized security framework for technology, SaaS, and cloud-based companies. Overseen by the American Institute of Certified Public Accountants (AICPA), SOC-2 certification validates that a company’s systems adhere to standards of…
- Security
- Availability
- Processing integrity
- Confidentiality
- Customer data privacy
Obviously, those are large, abstract concepts. To earn SOC-2 certification, we had to go through a two-part process to prove that we’re meeting these standards.
First, we put together a report detailing how our operations meet each standard. We then submitted that report to AICPA auditors, who reviewed it and determined whether our operational safeguards met their standards for security, availability, etc.
Once the auditors determined that our policies and practices were sufficient to keep us in compliance with the SOC-2 standards, we went through a thorough technical audit to verify that we are actually implementing all the safeguards we detailed in the report.
One key component of SOC-2 compliance is that it’s not a one-time process. SOC-2 compliance requires that we actively follow security-forward practices and policies on an ongoing basis. To maintain our certification, we have to pass a technical audit annually. This means that we have to maintain a culture of security throughout the organization.
Maintaining SOC-2 compliance requires a lot of work and a lot of vigilance, but because our software handles and processes so much customer data, we believe staying compliant is absolutely necessary to support the lenders and borrowers who depend on Cloudvirga to secure home loans.
(Read more about how we view compliance as a competitive advantage.)
What Is ISO / IEC 27001 Certification?
ISO / IEC 27001 (commonly called ISO 27001) is a voluntary standard for securing customer information outlined by the International Organization for Standardization. Companies that choose to become ISO 27001 certified must meet many requirements for how they handle consumer data.
Typically, meeting ISO 27001 standards for protecting customer data falls into an organization’s larger information security management system (ISMS), which outlines processes for handling all kinds of information: financial data, intellectual property, and employee records in addition to consumer data.
To earn ISO 27001 certification, we had to meet rigorous international standards for everything from identifying which business areas are affected by these standards to explaining how we would train Cloudvirga employees on an ongoing basis to make sure we stay in compliance.
We then had to pass real-world tests to ensure that our practices aligned with our plans. Auditors looked at whether our databases were secure, whether we had the right level of database encryption, whether we were using privileged access correctly – and so on.
Like SOC-2, ISO 27001 is not about “set it and forget it” security. Part of maintaining certification is having a plan for identifying any potential lapses and remediating those as soon as we identify them. We’ll have to pass an audit every year to retain our ISO 27001 compliance certification.
How Do These Security Certifications Benefit Cloudvirga Customers?
As we mentioned above, SOC-2 and ISO 27001 are standard security certifications for businesses that offer SaaS, operate in the cloud, or are otherwise tech-forward. For us at Cloudvirga, getting these certifications was an obvious choice.
Yes, maintaining these certifications requires additional work on our end, but it also means that the lenders we work with have peace of mind knowing that their customers’ information is secure.
Specifically, lenders who use Cloudvirga enjoy the following benefits:
- Improved risk management: Our customers are mortgage lenders. Most of our partners have been around for decades (or even centuries). While most of them continue to update their technology and data security practices, few have the bandwidth to invest in SOC-2 and ISO 27001 certification. When these organizations use our software, they automatically benefit from the increased level of security our system offers.
- Data security: Because SOC-2 and ISO 27001 standards have specific rules for how we handle and transmit data, any organization that uses Cloudvirga’s software can rest assured that its customers’ data is extremely secure.
- Peace of mind: Part of gaining these certifications is having a robust business continuity plan, so lenders that use Cloudvirga know that even if something goes wrong on our end, we’ve got a backup plan to keep our software up and running. Our business continuity translates to our customers’ business continuity, which translates to peace of mind for everyone.
If you’re interested in learning more about how our SOC-2 and ISO 27001 certifications can benefit your organization and your customers, please get in touch. We’d love to fill you in on the details.
See how we maintain these certifications in a way that fosters a culture of security around the Cloudvirga offices.