November 24, 2021
Since Inveniam’s founding, we have focused on making it easy for clients to work with us as we bring trust and transparency to private market data. One of the ways we have looked to accomplish this is by embracing, rather than shunning, well-reasoned regulatory frameworks.
Around this time last year, Inveniam embarked on a journey to achieve SOC 2 Type I certification. System and Organization Controls 2 (SOC 2) Type I certification means that a firm underwent a rigorous audit overseen by an independent auditor to ensure that its processes and controls are secure and compliant. The successful completion of our certification is a major milestone for our still young, but growing, company and affirms our dedication to security and third-party accountability.
There are two ways to go about gaining SOC 2 certification: either a firm can hire a third party to gather the ‘evidence,’ as it is called in these audits, on the firm being audited by conducting interviews and collecting documentation. With that information collated, it gets sent to the auditor for evaluation. Or, a firm can internally spend the hours to gather and formulate the ‘evidence’ to present to the auditor.
The latter method is more difficult, but more credible. It was the route we chose.
We saw a huge opportunity to mature as a challenger fintech brand if we did it ourselves. And everyone at Inveniam did have to lend a helping hand as we chipped away at hundreds of tasks — some big, some small — that faced us. This involved everything from hiring a chief information security officer to codifying our employee handbook. By developing the materials side-by-side internally and forcing ourselves to make a deep evaluation of our systems, we improved as a company while simultaneously lowering our risk profile.
As a data-centric technology company dedicated to transparency and trusted data, we also knew we didn’t want to wait a year to reevaluate if we have been, colloquially, walking the SOC 2 walk properly. Rather, we implemented a compliance dashboard so that we, and our auditors, may know if there are any issues with our systems.
With our SOC 2 Type I certification in hand, it will be easier for large, global corporations to do business with us, knowing that our house is in order.
We have plenty of obstacles to tackle and more milestones to hit, but achieving and maintaining our SOC 2 certification is a robust foundation from which we will continue to build.