Today, nearly everything about collections is digitized: from following a consumer’s digital footprint to account management and even consumer communications. That means now more than ever when choosing a collection partner, little is more important than data security. A breach of any kind revealing sensitive consumer data can be costly – not just in terms of compliance violations, but also to the reputation of your organization. This makes security certifications a top concern when considering prospective collection partners. One of the most significant of these is the SOC 2 TYPE II.
What is SOC 2 TYPE II?
The SOC 2 TYPE II certification is awarded when an agency passes a stringent technical security audit focused on both the security systems in place and the organizational structure that manages them. The audit assesses whether or not the organization’s systems meet the necessary Trust Services Criteria (developed by the Association of International Certified Professional Accountants). SOC 2 TYPE II should not be confused with SOC 2 TYPE I.
Type I only examines whether or not certain controls are in place, while TYPE II determines the effectiveness of those controls proving they actually provide protection for sensitive consumer data.
Basic criteria for a SOC 2 TYPE II audit
Security Controls
Is the system protected against unauthorized access and how? This part of the audit examines the physical and logical access to the infrastructure. It includes key systems, network device configurations, password and authorization protocols, as well as any existing firewalls.
Operation and Use
Is the system operational and available for use as intended? This part of the audit reviews the established disaster recovery plan and other protocols in place to ensure continuity during both unforeseen and routine events such as scheduled system backup activities. This also includes recovery testing.
Confidential Data Protection
Is the sensitive data protected in accordance with the established policies and service agreements? This part of the audit determines if the confidentiality agreements between the organization and the partners who share sensitive data with the organization are being upheld. This is not to be confused with privacy agreements that impact consumer to agency data sharing.
Privacy Agreements
Is the sensitive data that consumers supply being protected in accordance with the privacy agreements in place? As mentioned above, the personal and private data supplied by the consumers themselves must be handled with sensitivity and security. This part of the audit ensures that data is obtained, used, stored, disclosed, and eliminated according to compliance and any understood privacy agreements. This is especially important considering the number of states adopting new privacy legislation.
Integrity of System Processing
Is the system processing as anticipated? Agencies process payments, and as such, processing activities must be secure and accurate. This part of the audit analyzes the integrity of the system processing to ensure it meets quality standards. This includes the capture and correction of any processing errors.
When deciding to partner with any third-party organization you need a way to assess the risks associated with their services and service technology. A SOC 2 TYPE II audit certification ensures the safety of your sensitive business and consumer data by furnishing an independent analysis of the criteria that matter the most (security, confidentiality, privacy, and availability) so you can be confident their systems are operating effectively and in accordance with all relevant trust principles.
Professional Credit is proud to be one of only a few collection partners to earn SOC 2 TYPE II certification. To learn about this and our protocols for ensuring the highest level of data security for our clients and their consumers contact us for a consultation or visit this page.
This blog for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular question or issue.