Skip to content

SOC 2 Certification: Is Your Data in Good Hands?

You need to protect your company’s reputation. You also need to protect your bottom line. Solid screening and insurance partnerships can help you achieve those goals, but only if your partners can consistently meet high security standards. SOC 2 certification can help you verify that the right controls are in place.

Screening and Underwriting Require Sensitive Data

To manage the risks inherent to renting and leasing assets, you rely on screening and insurance processes. Of course, you can’t conduct a thorough screening or underwriting process without accessing sensitive personal data. 

For you, as a mobility platform, to get an accurate understanding of your users, your process should include a 360-degree screening of renters, vehicle owners, and vehicles. That includes collecting:

  • Basic information like names, addresses, ages, and driver’s licenses
  • Vehicle information 
  • Background information such as credit scores, driving records, and criminal records 

The bottom line: To really understand your users and the risk they bring to your platform, you need to collect and store a lot of sensitive data. While this makes your process smart and efficient, it also makes you an attractive cyber target.


Third-Party Cyberattacks are Surging

Cyberattacks keep increasing. The FBI’s Internet Crime Compliant Center (IC3) says that there were 847,376 complaints in 2021, and associated losses reached a record high of $6.9 billion. Of these complaints, 3,729 were identified as ransomware. To make matters worse, cybercriminals now frequently threaten to release data to the public.

The targets have also changed. In an alert warning about increased ransomware risks, CISA said that ransomware groups have increased their impact by adopting new strategies. Some attacks now target the software supply chain, a technique that allows cybercriminals to access multiple victims with one attack. Additionally, a high number of attacks target managed service providers and cloud infrastructures. 

There have been many attacks in recent years, but one of the most high-profile cases was the SolarWinds cyberattack. According to the U.S. Government Accountability Office, the attack inserted hidden code into a file that was later included in the Orion software updates. Nearly 18,000 customers, including both the federal government and private sector organizations, are believed to have received the compromised updates, which gave the attackers a backdoor into the affected programs.

Consumers are justifiably worried about personal data breaches. The IC3 received 51,829 complaints about personal data breaches in 2021, as well as 51,629 complaints of identity theft. It’s a real problem, and companies need to take it seriously.


A Data Leak Could Hurt Your Brand

If your customers’ personal data is leaked, they will likely hold your company accountable – even if the leak is tied to a third-party provider. In addition to reputational damage, you may also face legal and financial liability.

According to the 2021 Data Breach Report from IBM, data breach costs have risen to $4.24 million. The average total cost of a ransomware breach is $4.62 million, and the average per record cost of personally identifiable information is $180.

When you select your partners, you need to make sure that those partners will keep your data safe. SOC 2 certification is a smart way to do this.


SOC2 Standards

The Association of International Certified Professional Accountants (AICPA) offers the System and Organization Controls (SOC) suite of internal control reports.

SOC 2 is the Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. There are two versions of the report: type 1 and type 2. 

These SOC 2 reports provide information and assurance about the controls at a service organization. Both internal and external stakeholders can use these reports to verify that an organization is using best practices when it comes to data security. Because these reports are conducted by outside auditors, you can rest easy knowing that the information you’re receiving is accurate and impartial.


A Partner You Can Trust

Mobility and sharing platforms require a complicated network of tools and partners to deliver embedded insurance and protection packages, accurately screen risk, and stay compliant. When you use a third-party provider for screenings and insurance, you’re protecting your bottom line – but you need to know that your service provider can be trusted with your data.

Here at DigiSure, we take data security seriously. In fact, we’ve just completed the rigorous SOC 2, Type 2 report and we’re happy to share the results with our partners. Pursuing SOC 2 certification is an important part of our commitment to security, transparency and high standards.

If you’re concerned about security, we want you to know that you can count on us to deliver innovative screening, insurance, claims, and data consulting solutions while adhering to the industry’s best data security practices. 

Contact us to learn more.

Book an intro call