Realto is Now SOC 2 Compliant

We are excited to announce that Realto is now SOC 2 Type I certified.

At Realto, cybersecurity is extremely important. Customers trust us with their personal and financial information, and it is our duty to do the utmost to ensure our customers' information is safe with us – we take this responsibility very seriously.

What is SOC 2?

The SOC 2 audit is a full technical and process inspection of all our systems and controls performed by an accredited, independent, third-party auditor. The main objective is to ensure that Realto’s service commitment and system requirements meet the best-in-class criteria set forth by the American Institute of CPAs (AICPA) across different trust services such as Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Type I vs. Type II

The SOC 2 Type I certification involves an auditor evaluating our organization at a specific point in time. The SOC 2 Type II certification attests that our organization complies with all SOC 2 Type I policies for an extended period of time (typically six months), without any policy breaches.

The Certification Process

We chose to work with Vanta, a service that streamlines the process by automating the collection of up to 90% of the evidence needed to prove SOC 2 compliance. Vanta connects directly with tools that we use and informs us if there is anything we need to address, without breaking any service-level agreements (SLAs).

As part of the process, we also had to revamp our policies and procedures in:

  • Access Control
  • Asset Management
  • Data Management
  • Cryptography
  • Human Resource Security
  • Incident Response
  • Information Security (AUP)
  • Operations Security 
  • Physical Security 
  • Risk Management
  • Secure Development
  • Third-Party Management
  • Inventory Management

Next, we had a system penetration test performed. We chose to work with Rhymetec to perform our first penetration test. Rhymetec conducted tests against our external and internal systems. The initial test found six Low and three Informational severity findings, which were promptly remediated and confirmed as fixed by Rhymetec. After re-testing, only one Informational finding remained.

Finally, we worked with Johanson Group LLP, who reviewed the evidence collected by Vanta and performed our audit.

Going Forward

We decided to get our SOC 2 Type I certification to demonstrate our commitment to protecting our customers' data and to provide confidence in the processes and controls we have in place. To expand our commitment, we are planning on getting our SOC 2 Type II in Q3/Q4 of 2022.

Rigo Neri – Chief Technology Officer, Realto
