soc 2

Resources / Nov 2022

Argyle’s SOC 2 Type 2 Certification: A Commitment to Data Security

When it comes to safeguarding consumer data, the gold standard is our only standard.

As part of our ongoing commitment to ensuring the safest possible data environment, Argyle is fully certified for and compliant with SOC 2 Type 2 standards. That means we undergo annual audits to assess the strength and integrity of our privacy practices and security protocols.

That might not sound like much—but in the world of data sharing, it’s a pretty big deal. Here’s why.

standard

What is a SOC 2 Type 2 certification?

SOC stands for system and organization controls. At the most basic level, SOC is a set of standards developed by the American Institute of Certified Public Accountants (AICPA), intended to evaluate the steps a service organization takes to protect its customers’ (and its customers’ customers’) sensitive data.

AICPA issues different categories and levels of SOC certifications. A SOC 2 Type 2 certification is generally regarded as the most comprehensive and the most difficult to achieve, because it considers not only the internal controls an organization maintains around its operations and compliance, but also whether those controls perform effectively and consistently over time.

That’s what makes SOC 2 Type 2 the gold standard when it comes to data security—and one of the most trusted and sought-after certifications in our industry.

Difficulty to achieve

The SOC 2 Type 2 compliance process

A SOC 2 Type 2 examination is conducted by an independent, third-party CPA auditor. It looks at a service provider organization’s ability to manage customer data according to five key principles of trust set forth by the AICPA:

  1. The security of an organization’s system, as defined by protections against unauthorized access

  2. The availability of an organization’s system for operation and for use as indicated in the customer agreement

  3. The processing integrity of an organization’s system, or whether its data processing is complete, valid, timely, accurate, and authorized

  4. The confidentiality of the information an organization processes and how that confidentiality is protected

  5. The privacy of the personal information an organization collects, retains, uses, discloses, and disposes of

To qualify for SOC 2 Type 2 certification, Argyle created and continues to follow strict information security procedures that align with these five principles. Each year, an accredited auditor is brought in to examine the quality of said procedures and to monitor our adherence to them over a twelve-month period—as opposed to a single moment in time, which is the scope of a SOC 2 Type 1 report.

We first pursued and achieved SOC 2 Type 2 certification between December 1, 2020, and April 30, 2021, and we’ve kept up strict compliance ever since—which is to say, we pass our annual audits with flying colors.

The result of this ongoing process is a detailed SOC 2 Type 2 report that documents how well we live up to our data security promises. This report is confidential, but it can be shared with current and prospective customers upon formal request.

Why is SOC 2 Type 2 compliance so important?

In short, businesses need to work with vendors they can rely on to keep their data and their customers’ data safe and treat it with the care and respect it deserves.

Partnering with a service provider that doesn’t go above and beyond when it comes to data security can not only cause a business to lose trust points with current and prospective customers, it can leave them vulnerable to third-party data breaches that damage both their reputation and their bottom line. For reference, according to IBM, the average cost of a data breach in the U.S. currently hovers around $9.44 million, a devastating financial hit for most companies.

SOC 2 Type 2 compliance is really the only benchmark our industry has to prove that a given service provider is keeping up with the latest data security policies and best practices.

Plus, SOC 2 Type 2 certification isn’t mandatory, so an up-to-date report evidences that a service provider organization isn’t just checking a box—they’re being proactive about building the strongest possible data environment and keeping their customers’ interests front of mind.

security procedure

The (secure) path forward

While Argyle’s SOC 2 Type 2 certification is a major achievement, we won’t be resting on our laurels any time soon.

Among other data security steps, we’ll continue to repeat our SOC 2 Type 2 examinations annually to ensure we remain up to date and in step with the most current, industry-leading data security practices for the benefit of both our customers and their users. Protecting the rights and privacy of consumers is, after all, core to who we are.

Learn more

Want to learn more about Argyle’s data security practices? Reach out to a member of our team to discuss everything we’re doing to keep consumer data safe.


Blog

Learn how Argyle is transforming the mortgage lending experience through direct-source verifications.

Newsletter sign up

Be first to get industry insights and news from Argyle.

Have any feedback or questions?

We’d love to here from you.

Contact us