New York: Options has announced the successful completion of the annual Service Organization Control (SOC) 2 Type II and Statement on Standards for Attestation Engagements (SSAE) 16 Type II audit, and issuance of the SOC 1 Type II and SOC 2 Type II reports. The audit, which was carried out by a third party accredited accounting firm, measures and validates the security, design and operating effectiveness of a service provider’s infrastructure, controls and associated practices.
Developed in 2011 by the American Institute of Certified Public Accountants (AICPA), the SOC reporting standard is the leading attestation standard for technology service organizations. They go beyond the scope of the traditional SAS 70 examinations and are the new industry standard for private cloud and infrastructure-as-a-service firms that provide managed hosting and data storage services to the financial industry.
In 2012, Options became one of the first cloud infrastructure providers to successfully complete the SOC and SSAE 16 audit. In particular, the SOC 2 report focuses on a firm’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy. In successfully completing this audit, Options has upheld a 100% track record since the introduction of the standards, further underlining the firm’s continued commitment to maintaining the very highest level of internal controls, compliance and security.
Options CTO, John Bryant said: “We are delighted that, once again, no exception has been noted in Options’ security and compliance practices. The results of these assessments further validate our standing as an industry leader in delivering an offering that combines both innovative financial technology and advanced security practices.
“Our focus has always been to provide peace of my mind to our clients, from both a technology and security standpoint, and these annual assessments, which include random on-site testing, ensure Options keep current with new and emerging security threats and vulnerabilities. This validation, now a key industry standard, has never been more important, particularly against the backdrop of the wider regulatory environment and the ever increasing number and complexity of cyber threats.”