Types of SOC Audits + Why They Matter To You and Your Clients
SOC should be very much on the radar of both real estate agents and their clients. Essentially, this type of compliance ensures that companies are performing annual audits and demonstrate effective internal controls regarding the security of private client information.
Think about the amount of personal financial information that is passed back and forth during a real estate transaction, and you’ll quickly realize why SOC audits are crucial to protecting clients. Here’s a closer look at the different types of SOC audits.
SSAE-18 – SOC 1 – Type I
The SOC 1 Report details the controls that have been put in place that guide our escrow processes concerning: escrow best practices, banking, training, employee hiring, notary & vendor vetting, licensing, handling of consumer complaints, and insurance coverage. All of our SOC 1 controls are custom-designed for our company by our accredited auditing firm using the ALTA’s Best Practices Handbook.
SSAE-18 – SOC 2 – Type I
The SOC 2 Report details the controls that have been put in place concerning the security, integrity, confidentiality, and privacy of our IT systems, which include: escrow software, servers, internal networks, and employee computers. All of our SOC 2 controls are custom-designed for our company by our accredited auditing firm using the ALTA’s Best Practices Handbook.
SSAE-18 – SOC 1 & SOC 2 – Type II
Type II reports are done over a period of time to test the efficiency and effectiveness of the Type I controls put in place. A Type II report cannot be done at the same time as a Type I report. Once a Type 1 report is issued, the Type II testing must occur at least one year later to test for a full year of the controls put in place. Pango Group has its controls tested annually, and we have had an SSAE16(former name)/SSAE18 Type II report for six years in a row.
Now that we have established an overview of SOC Audits, here are the ways in which we use them at Pango Group to protect our clients:
- We have SSAE18 SOC 1 & SOC 2 – Type II Reports – Most escrow companies we have seen only get the SOC 1 Type 1, which doesn’t test their systems and is the most basic report.
- We have a backup server in another County in case of fire, earthquake, natural disasters, etc.
- Encrypted Emails – Protect our clients’ Nonpublic Personal Information
- Background checks are completed on all new employees & temporary employees.
- We use an advanced escrow software called Qualia, which is on a secure cloud platform.
- We test our Business Continuity & Disaster Recovery Plan on an annual basis.
- All vendors and notaries we work with are vetted beforehand.
- We hire a company to “hack” our systems annually. Called a Penetration Test, the test can help us fix any problems we may have with our systems.
- Quarterly employee training is conducted on our Policies & Procedures, which are based on the ALTA Best Practices.
If you have questions about this topic or anything related to escrow, please reach out. Our team is here to support and serve you.