Quavo, Inc. Announces Completion of SOC 2 Type II Certification
Earlier this month, Fintech provider Quavo Fraud & Disputes attained its SOC 2 Type II certification. The completion of the six-month observation period underlines Quavo’s service commitments and declares that all system requirements were achieved based on the trust services criteria relevant to the security standards set forth by AICPA. The announcement emphasizes Quavo’s continuous dedication to assuring their clients’ security and safety.
The SOC 2 Type II is a lengthy examination period during which Quavo’s internal controls and systems related to security, availability, processing integrity, confidentiality, and data privacy were analyzed. After completing the SOC 2 Type I certification, the established policies and procedures were tested and identified over six months. Quavo passed auditor requirements and attained the SOC 2 Type II completion report.
“Quavo’s completion of our SOC 2 Type II audit means that we are following industry best practices and were audited by an outside firm to ensure we were upholding these practices correctly,” said Co-founder and Managing Partner David Chmielewski. “One of our primary goals is to provide a platform our clients can trust with their business and data. Our own opinion of how we are doing is not enough in this industry. Strong auditability is a cornerstone of our cloud platform for this reason.”
The SOC 2 Type II achievement indicates that Quavo developed and continues to communicate its personnel procedures, data, and asset security. These procedures included several policies: Change Management/Separation of Duties, Data Protection, Encryption and Key Management, Incident Response, and Vulnerability Management and Patch Program.
Nick Facca, Quavo’s Director of Technology, detailed the significance of the SOC 2 Type II attainment, “Our completion of the SOC 2 Type II report highlights the importance of Quavo’s organization-wide controls established along with the security assurance provided to our clients, safeguarding sensitive data. As the industry faces new vulnerabilities regularly, the Quavo team ensures that the adequate steps are being taken, and the situations are appropriately solved.”
The Quavo team continues to stress the importance of data security. A recent example of successful controls put in place occurred when the Log4j Java vulnerability was handled proactively through proper incident response and reporting, providing client communication and assurance.