SOC 2 Type 2 certification mirrors continued investment in security
We're pleased to announce that Mayfair has achieved SOC 2 Type 2 compliance, as confirmed by independent third-party auditors.
SOC 2 (Service Organization Control Type 2) is a overall security compliance framework created by the American Institute of Certified Public Accountants (AICPA). Its primary purpose is to give an objective definition for how service providers should store, use, and process client data.
As is routine for SOC 2 certifications, several aspects of the Mayfair organization were thoroughly evaluated, including:
- Infrastructure: our platform's physical and hardware components (networks, facilities, and equipment) that power the Mayfair app as well as our day-to-day operations
- Software: our operating software and programs (utilities, applications, and systems) used either directly by our services or by our team in building and administering them
- Data storage: our treatment and storage of sensitive information from our customers and partners (files, databases, transaction stream, submitted documents, et cetera)
- Procedures: our manual or automated procedures that help our business function in its day-to-day activities
- People: our team's behavior and their adherence to the aforementioned procedures
These mirror the five standard traits of SOC-compliance, or Trust Services Criteria, defined by the AICPA:
- Security: systems and the data stored within them are protected against unauthorized access and unauthorized disclosure
- Availability: information and systems are readily available for operation and use
- Confidentiality: sensitive information is protected and given only when authorized and needful
- Processing integrity: processing is complete, valid, accurate, and authorized. Customer data remains correct throughout the course of data processing
- Privacy: personal information is collected, used, retained, disclosed, and disposed of in accordance with pre-stated policies
SOC 2 "Type 2" designates certification in which an organization was not only examined at a single point in time (which would be considered "Type 1") but over a period lasting three months to a year. Type 2 compliance more strongly suggests that the security systems, measures, and processes in place at an organization are not only designed well, but followed well, and thus functioning properly and stably.
This certification reflects Mayfair's continued commitment to the highest privacy and security standards, something which has defined our product and company from the beginning. Mayfair will continue to evolve its security in response to best practices and industry standards, mirroring our belief that minimal risk of any kind is the most important thing when it comes to your company's funds and finances.
You may view our SOC 2 Type 2 certification here. We know that certain segments of our customers require a full audit report. If you fall into that category, please contact us at firstname.lastname@example.org and we can share the report under NDA.