Common Wealth’s SOC 2 certification makes security evaluations easier
More and more, cybersecurity is playing a critical role in the evaluation and selection of retirement benefits.
Recent reports show that managing cyber risk is important for Canadian business leaders across company sizes. In 2022, PwC reported that cybersecurity is a top concern for more than half of Canadian CEOs. According to a recent KPMG report, half of Canadian SMB leaders say they were affected by cybercrime in the previous year, and 8 in 10 say they’re prioritizing stronger cybersecurity through both technology and culture changes.
In the retirement industry, strong security practices are an important element of a plan sponsor’s fiduciary duty – to the extent that regulators are increasingly requiring plan sponsors to demonstrate the strength of their cybersecurity controls.
At Common Wealth, we believe that keeping customer data secure is just as important as delivering strong investment performance to our plan members. Our SOC 2 Type 2 certification demonstrates our ongoing commitment to security, availability, processing integrity, confidentiality, and privacy.
For advisors, working with a SOC 2 Type 2 certified plan provider can help speed up the path to purchase by making due diligence checks faster and easier.
What is SOC 2?
SOC stands for System and Organization Controls, and SOC 2 is a third-party audit that focuses on a company’s security controls for managing customer data. It’s considered the gold standard certification for enterprise technology, and the audit is typically done by a Chartered Professional Accountant (CPA) firm.
SOC 2 is different from other security standards. Not only does the audit focus on how well the company’s security program meets the SOC 2 standards, it also looks at how well it’s tailored to the company’s specific security objectives and concerns.
When you work with a SOC 2 certified provider, you have the assurance that their security practices have been externally reviewed and validated. This helps your client trust the plan provider’s ability to keep their data secure – and this supports their trust in you, their advisor.
4 key things to know about Common Wealth’s SOC 2 certification
1. We go the extra mile with Type 2 reports
Companies typically start with SOC 2 Type 1 as a first step to completing Type 2.
A Type 1 report looks at a company’s security program at a point in time. It focuses on checking that the company’s security controls are documented and that they’re working as intended at the time of the audit. A Type 2 audit is a more accurate reflection of a company’s security habits. These audits evaluate a company’s practices over a period of 3 to 12 months, which provides a more comprehensive assessment of the company’s commitment to strong controls and practices.
2. We test against all 5 criteria
There are 5 Trust Services Criteria that a company can include in its SOC 2 audit. Security is considered the ‘common criteria’, and it’s required for every audit. Most companies only test against security, but Common Wealth tests against all 5 criteria – making our process more rigorous than most.
3. We’ve baked SOC 2 principles into our culture
From the beginning, we’ve taken a holistic approach to security by building our front- and back-end systems with modern technology. And we’ve invested in our teams to make sure they have the right training, policies, and processes in place to use our systems as intended. For your clients, this approach will resonate with both their HR and IT stakeholders.
4. We hold our service providers to the same standards
Our operational partners include world-class financial institutions and service providers. In building and maintaining our ecosystem, we vet our partners to ensure that their security practices match SOC 2 standards.
Be prepared and clear your security hurdles faster
More than ever, employers have high expectations of service providers’ cybersecurity practices.
Being knowledgeable about Common Wealth’s SOC 2 certification helps ensure that you’re ready for data security questions from your clients. Better yet, you can be proactive in offering up information that you know will be relevant later in the decision process.
We’re here to help you be the expert
Our Advisor Support team can help equip you for client conversations about how Common Wealth’s SOC 2 Type 2 reports demonstrate our commitment to protecting your clients’ data.
Reach out to your representative by email at firstname.lastname@example.org or book a meeting.