Itemize has successfully completed its Security Organization Controls (SOC) 2 Type 1 audit for its Receipt Processing system, This certification helps provide assurance to existing and prospective clients regard the controls and processes relevant to data security. The SOC 2 examination was conducted by Auditwerx, an independent third-party auditor, and a division of Carr, Riggs & Ingram, LLC.
The SOC 2 Type 1 report evaluates the company’s existing controls, based on the criteria set forth by the American Institute of Certified Public Accounts (AICPA) Trust Services Principles. These principles define leading practice controls relevant to security, availability, process integrity, confidentiality, and privacy. During a rigorous period of examination, Auditwerx assessed Itemize’s controls and determined that these controls meet the criteria for the security principles set forth in AICPA’s Trust Services.
The SOC 2 Type 1 Audit examined Itemize’s controls and processes in the following areas:
- Security awareness and communication
- Risk assessment
- Logical and physical access
- Security monitoring
- User authentication
- Incident management
- Asset classification and management
- Systems development and maintenance
- Personnel security
- Configuration management
- Change management
- Monitoring and compliance