Today, we’re excited to announce that Coris is SOC 2 Type II compliant. We partnered with Advantage Partners, an independent auditor, who has verified that our technology and processes adhere to the highest standards of security and privacy.
What is SOC 2?
SOC 2, or System and Organization Controls 2, is a compliance standard developed by the American Institute of CPAs (AICPA) outlining how organizations like Coris should manage customer data. The SOC 2 security framework is based on five trust service principles for customer data management: security, availability, processing integrity, confidentiality, and privacy.
During the SOC 2 certification process, an independent auditor such as Advantage Partners evaluates a company’s security posture as it relates to one or all of the above trust service principles. The audit includes scoping, gap analysis, control testing, and more. For Type II certification, auditors assess how effective the designed security controls are by observing operations over a period of time.
In addition to Advantage Partners, we partnered with Vanta to automate parts of the SOC 2 certification process.
What’s the difference between Type I and Type II compliance?
Coris achieved SOC 2 Type I compliance over the summer. Type I compliance assures our partners that Coris’s systems and controls are designed effectively to meet the applicable trust service criteria at a specific point in time.
SOC 2 Type II compliance goes a step further. It not only examines the design of controls but also evaluates their effectiveness over a sustained period of time. It provides a more comprehensive assessment of how well the controls are operating and whether they are achieving the intended outcomes. Because Type II compliance is more rigorous, many companies use it as a criterion when evaluating a vendor’s security posture.
Why is SOC 2 compliance important?
Our customers operate in heavily regulated industries like financial services, where data security and privacy are of the utmost importance. Consequently, they need to make sure their partners also handle data with a high degree of sensitivity and privacy. SOC 2 Type II compliance assures our customers that we prioritize data security and have strong internal controls to mitigate any risk of data breach.
Coris will continue to invest in best-in-class security and privacy practices to ensure customers’ merchant data is sufficiently protected on our platform.
If you’d like to learn more or receive a copy of Coris’s SOC 2 report, please contact us.