The importance of SOC 2 Type II certifications in vendor sourcing

Aug. 16, 2018 – 

Be sure to check out our article in Mortgage Professional America (MPA) magazine.  In it, we highlight why you should add SOC 2 Type II certification to your vendor sourcing requirements, as few approaches do more to protect you from information security breaches.  Find the article HERE:   mortgage vendor credit union information security

An ever-increasing number of vendors across mortgage and credit union ecosystems are proudly displaying their SOC 2 Type II “badge of honor.”  Here’s the rub.  It is, in fact, a huge achievement, yet so few of us know why.  That is a travesty, especially for those of you with any role to play in vendor sourcing.

In the article, we describe the basics of SOC 2, and why it so coveted by vendors and organizations, in general, and why you should put a premium on SOC 2 certifications.

A key message -- there is virtually nothing you and your info security team can audit or assess that has not already been covered extensively, and actually tested, by the independent audit body that issues the SOC 2 certifications.  Generally speaking, most of your due diligence vendor audits are likely rather high level and cursory, whereby SOC 2 certifications are very grueling and costly. 

A Key Difference Between Your Audits & SOC 2 Audits:

  • Yours are generally once and done, up front, and then maybe annually to re-certify.
  • SOC 2 audits are generally never-ending, continuing throughout the year, with testing, testing and more testing. 

If prospective vendors are willing to subject themselves to this, ongoing and all-year long, they deserve your attention, provided they have the specific experience in what you seek.  

Read the article to further understand why you will be well-served in taking this approach as you look for new vendors.

Lastly, we encourage you to read the article referenced below on how vendor sourcing has changed.  You will be glad you did, as it has been our most popular post thus far.

Appreciate your time here!