What is a SOC 2 Report?
SOC, or ‘Service Organization Control’, reports describe the controls a service organization has in place to protect the data and transactions it handles. The report is not a self-declaration: an independent CPA firm examines the controls and issues an opinion on them. Customers want to be able to trust whoever holds their confidential information, and a clean SOC 2 report gives companies and individuals evidence on which to base that trust. Summarized by ssae16.org, SOC 2 reports are “designed for the growing number of technology and cloud computing entities that are becoming very common in the world of service organizations”.
A SOC 2 report is assessed against five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality and Privacy. Security (the common criteria) is always in scope; the other four are included according to the services the organization provides.
SOC 1 covers the controls relevant to a customer’s financial reporting. SOC 2 reports on the controls behind the Trust Services Criteria above and is a restricted-use document, normally shared with customers under NDA. Once a qualified and experienced auditor has signed off on the SOC 2, a SOC 3 can be published: a high-level, general-use summary of the same audit that keeps the detailed control descriptions in the SOC 2 private. When reading any SOC 2, check whether it is a Type I (controls as designed at a point in time) or a Type II (controls tested in operation over a period, typically six to twelve months); only the latter shows that the controls actually operated.
Protecting your data is our mission. We have partnered with Plaid, who work with 9600 banks including Wells Fargo, Citi, and Chase. Plaid holds a SOC 2 report (SOC 2 is an audit attestation rather than a regulation) and regularly subjects itself to independent security tests. Plaid is known for its strong partnerships, best-in-class technological infrastructure, and commitment to making financial services simpler and more secure.
‘Am I Paid?’ does not store any sensitive data about your bank accounts or transactions. Plaid hands us masked account numbers only; the dates, descriptions and amounts of transactions are listed for your own records without exposing any other account details.
In summary: with ‘Am I Paid?’, the bank-facing handling of credentials and account numbers is done by Plaid, whose controls are independently audited under SOC 2, while we retain only the masked data described above, so the safety of your data rests on audited controls rather than on our word alone.
Again, we are pleased to receive another A+ rating for our security, this time from Qualys SSL Labs, which grades a site’s TLS deployment on its Certificate, Protocol Support, Key Exchange and Cipher Strength. amipaid.com, blog.amipaid.com, support.amipaid.com, uk.amipaid.com, wiki.amipaid.com and www.amipaid.com all received the highest grade possible.
Qualys state “SSL/TLS is a deceptively simple technology. It is easy to deploy, and it just works . . . except that it does not, really. The first part is true—SSL is easy to deploy—but it turns out that it is not easy to deploy correctly. To ensure that SSL provides the necessary security, users must put more effort into properly configuring their servers.”
Today, at 3rd Square Software, we are pleased to receive an A+ rating from Mozilla’s Observatory for ‘Am I Paid?’. Observatory grades how a site uses the browser’s own security features: HTTP headers such as Content Security Policy and HTTP Strict Transport Security, cookie flags, redirection to HTTPS and the like. Mozilla states that the project is designed to help developers, system administrators, and security professionals configure their sites safely and securely.
We encourage all website owners and visitors to go to Mozilla’s Observatory, enter a domain, click “scan me” and read the report that is shown. When we first scanned ‘Am I Paid?’, despite already complying with industry standards and having been intrusion, penetration and brute-force tested, we got an F, just like 91% of all websites. That is less contradictory than it sounds: a penetration test looks for exploitable flaws, whereas Observatory checks whether the defensive headers that limit the damage from a flaw are configured at all, and a site can pass the first while missing most of the second. Assisted by Observatory’s feedback and its clear guidance on what needed fixing, the engineers at ‘Am I Paid?’ quickly improved our grade to an A+.
“91% of all websites receive an F grade when first run” is a striking statistic from Mozilla, and it shows how rapidly security expectations are advancing and why security needs to be at the forefront of every company’s mantra. Indeed, at the time of writing, running the test on one of the world’s biggest banks, HSBC, showed a grade F for www.hsbc.com.
Mozilla’s Observatory performs a range of checks, and new ones are added as new browser security mechanisms are standardized. The threats behind them are researched by security professionals at Mozilla and the wider community across thousands of articles, hundreds of websites, and dozens of specifications.
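As an added example (not code from ‘Am I Paid?’ or from Mozilla, and not a reproduction of Observatory’s scoring), the script below runs the same family of checks over two constructed header sets, one with typical defaults and one hardened, so you can see what separates an F from a pass before re-scanning a site. The pass/fail thresholds, such as the six-month HSTS floor, are this example’s own assumptions.

```python
"""Security-response-header audit in the spirit of Mozilla Observatory's checks
(HSTS, CSP, clickjacking, X-Content-Type-Options, Referrer-Policy, cookies).
Added example, not Mozilla's code; thresholds are assumptions of this example
and both sample responses are constructed, not captured from any real site."""

import re

SIX_MONTHS = 15_552_000  # seconds; assumed floor for an acceptable HSTS max-age
SAFE_REFERRER_POLICIES = {"no-referrer", "same-origin", "strict-origin",
                          "strict-origin-when-cross-origin"}


def normalise(raw_headers):
    """Lower-case header names; keep every Set-Cookie, since it may repeat."""
    headers = {}
    for name, value in raw_headers:
        key = name.lower()
        if key == "set-cookie":
            headers.setdefault(key, []).append(value)
        else:
            headers[key] = value
    return headers


def csp_directive(csp, name, fallback=True):
    """Source list for a CSP directive. script-src falls back to default-src
    when absent; frame-ancestors does not, so callers pass fallback=False."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.lower().split()
        if tokens:
            directives[tokens[0]] = tokens[1:]
    if name in directives or not fallback:
        return directives.get(name, [])
    return directives.get("default-src", [])


def audit_headers(raw_headers):
    """Return a list of findings; an empty list means every check passed."""
    h = normalise(raw_headers)
    findings = []

    # HSTS: present, long max-age, and covering subdomains
    hsts = h.get("strict-transport-security", "")
    m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
    if not m:
        findings.append("HSTS: header missing or has no max-age")
    elif int(m.group(1)) < SIX_MONTHS:
        findings.append(f"HSTS: max-age {m.group(1)} is below six months")
    elif "includesubdomains" not in hsts.lower():
        findings.append("HSTS: includeSubDomains not set")

    # CSP: scripts must not be allowed inline or from any origin
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP: header missing")
    else:
        scripts = csp_directive(csp, "script-src")
        if "'unsafe-inline'" in scripts:
            findings.append("CSP: script-src allows 'unsafe-inline'")
        if "*" in scripts:
            findings.append("CSP: script-src allows any origin (*)")

    # Clickjacking: CSP frame-ancestors or X-Frame-Options must restrict framing
    frame_ancestors = csp_directive(csp, "frame-ancestors", fallback=False) if csp else []
    if not frame_ancestors and h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("Clickjacking: neither frame-ancestors nor X-Frame-Options set")

    # MIME sniffing
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    # Referrer leakage: in a comma-separated list the last policy is the one applied
    policy = h.get("referrer-policy", "").split(",")[-1].strip().lower()
    if policy not in SAFE_REFERRER_POLICIES:
        findings.append("Referrer-Policy: missing or permissive")

    # Cookies: every Set-Cookie needs Secure and HttpOnly
    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"Cookie {name}: missing Secure")
        if "httponly" not in attrs:
            findings.append(f"Cookie {name}: missing HttpOnly")
    return findings


# Constructed sample: typical defaults that earn a failing grade
WEAK_RESPONSE = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Content-Security-Policy", "default-src 'self' 'unsafe-inline' *"),
    ("Set-Cookie", "session=abc123; Path=/"),
]

# Constructed sample: the same response after hardening
HARDENED_RESPONSE = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "DENY"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_headers(response) or 'all checks passed'}")
```

Run against a live site, you would feed `audit_headers` the header list from an HTTP client; the constructed weak response produces eight findings and the hardened one none, which mirrors the jump from an F to a pass described above.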
Interested in making the web a safer place? Scan sites you use and let the owners know if their results aren’t up to scratch.