ECOMMPAY Passes SOC2 Audit – Proving Commitment To Keeping Data Safe

ECOMMPAY has passed its annual Service and Organization Controls 2 (SOC 2) check, performed by SPL AUDIT.

The audit is designed to make sure service providers who store their clients’ data in the cloud, undertake all the necessary measures to keep that data safe. SOC2 is the international reporting standard for information security risk management systems. The standard has been developed by the American Institute of Certified Public Accountants, AICPA.

Passing this audit further shows the commitment that ECOMMPAY has to provide its clients with the very best in data security. The audit process consists of the following elements:

• What practices have been implemented
• How stated procedures are followed
• How changes to the process are registered.

Why do we need this?

Any company that is providing services, especially in the financial and e-commerce field, may potentially present a threat for its customers. From time to time, customers, especially large corporations, may have questions like:

• Can we trust them?
• What mechanisms, technologies do they use to protect our data?

In order to give a suitable answer to these questions, it’s better to use an outside expert opinion (SOC2 auditor). For ECOMMPAY it’s important that our clients and partners don’t feel the need to question the reliability of our products and services. Safe in the knowledge that our internal processes are in line with external regulations.

What was examined by the auditors?

1. What constitutes our services: 1.1 Services of card transaction execution through interfaces PaymentPage, API, SDK, etc. 1.2 Services of financial reporting to merchant
2. How our systems interact with merchants, merchants’ customers and our partners (Payment systems)
3. How the process control is organised
4. What control tools ECOMMPAY has, and what control tools ECOMMPAY’s merchants have
5. Services’ risk exposure, what control tools allow minimising these risks.

All major companies publish a brief report annotation without sensitive data in the public domain, thus showing a high level of maturity in processes and services.