StandardC Security & Data Integrity 

SOC 2 Type 2 Certification

The SOC 2 Type 2 certification serves as the industry-recognized benchmark that validates the effectiveness of StandardC's internal controls and ensures its customers' highest level of data protection.

The SOC 2 audit is one of the world's highest recognized standards of information security compliance. It was developed by the American Institute of CPAs (AICPA) to allow a third-party auditor to validate a service company’s internal controls for information security. The SOC 2 report is the auditor’s opinion on how an organization’s security controls meet the SOC 2 criteria. To obtain our SOC 2 certification, a third-party auditor reviewed our internal controls, including policies, procedures, and infrastructure regarding data security, firewall configurations, change management, logical access, backup and disaster recovery, security incident response, and other critical areas of our business.

To view the StandardC SOC 2 Type 2 certification, or to request a full report for your financial institution’s vendor due diligence requirements, please visit the StandardC Trust Center using the link below:

The Technical Details

StandardC is Gramm Leach Bliley Act (GLBA) compliant.

StandardC uses a combination of remote verification of physical IDs, mobile network operator data, fraud algorithms, and FIDO U2F multi-factor authentication capabilities to securely verify a user's identity. StandardC’s identity verification and proofing meets or exceeds the highest industry standards (NIST 800-63-2 [-3], EO 13681, HSPD-12, and FIDO alliance standards) and has been designed to comply with rigorous information security regulations including AICPA SOC 2, ISO 27001, FedRAMP, and multiple NIST 800 guidelines.

StandardC’s data-rich solutions feature multiple layers of security and use a defense-in-depth strategy. Data is encrypted using Advanced Encryption Standard (AES) algorithm with 256-bit key. StandardC platform provides end-to-end data lifecycle immutability with permanent and continuous regulatory-grade data auditability. StandardC uses advanced Distributed Ledger Technology ("DLT") which protects, stores, and encrypts all compliance and transaction events, enabling a path to fraud detection. Customer participation in this secure and fully searchable environment allows for easy extraction of analytics data for regulatory exams and other uses.

Note: If you would like to report a security incident, please complete the form here.