We are proud to announce that Rocket Dollar is now SOC 2 Type 1 compliant. At Rocket Dollar, the online security of our customers' information is our first priority. We take the trust of our customers seriously and have undertaken a SOC audit to ensure the protection of their personal data. Our undertaking of a rigorous compliance audit is only the foundation of our commitment to security and we plan to build on that foundation by getting a SOC 2 Type 2 certification in the second quarter of 2019.
What does Rocket Dollar being SOC compliant mean for me?
Originally developed by the AICPA (American Institute of CPA’s), SOC 2 is a defined criteria for managing customer data, and is based on five “Trust Service Principles”. These are:
Security The auditors looked for things such as having intrusion detection (software that looks for hacking activity), anti-virus, strong passwords, and auditing of all access to any sensitive data customers have entrusted us with. They also ensured we have strong, secure networks using the best-in-class encryption available. In today’s digital landscape, security is top priority and this audit put us in the best position to defend your data against theft and illegal disclosure.
Availability Availability ensures that Rocket Dollar’s systems are always online, resistant to technical issues and disasters. In order for Rocket Dollar to pass the Availability portion of the SOC audit, we had to demonstrate to the auditors that we have redundant computer systems in place, that we properly manage changes to our software, and that customer data is backed up and can be quickly brought back online in the event of a disaster.
Processing Integrity Processing Integrity addresses whether or not a Rocket Dollar system achieves the purpose for which it was designed. Also tested was the accuracy of our data processing systems, which must be complete, valid, accurate, and timely.
Confidentiality The confidentiality portion of the SOC audit is a test of the security of data housed with Rocket Dollar. To pass this portion, we must continually ensure that data is restricted to a specified set of persons inside our organization. Again, these people must have passed a background check, as well as use compliant devices to access customer data.
In essence, SOC is an external auditing procedure that ensures that data provided to us is always protected and that the security of our customers is at the forefront of our operations.
Is SOC compliance a requirement for Retirement Plan providers?
No, while SOC compliance is not a formal requirement for software as a service (SaaS) or retirement plan providers, the leadership at Rocket Dollar felt it an important step to ensure the online safety of our customers.
We will continue to undergo regular external audits in order to ensure that Rocket Dollar is always adhering to security best practices, and push forward on our commitment to security.