Compliance Standards

Compliance

Companies of every size and industry face the challenge of meeting complicated and ever-evolving compliance requirements. These requirements range from SOC, HIPAA, HITRUST CSF, PCI, ISO, NIST and more. As a service provider that shares security responsibilities with its clients, NFINIT is committed to enabling our clients’ compliance. Compliance enablement starts with working with clients to identify their needs, and then designing a solution that keeps their environment compliant and secure. In addition, NFINIT undergoes annual SOC audits performed by a third-party auditor.

SOC Overview

System and Organization Controls (SOC) Reports demonstrate how NFINIT achieves key compliance controls and objectives, which helps our clients and their auditors understand the NFINIT controls established to support operations and compliance.

FAQ

What period do the NFINIT SOC Reports cover?

NFINIT SOC 1, SOC 2, and SOC 3 Reports cover a 1-year period. (May 1st through April 30th).

How often are the NFINIT SOC Reports issued and when can I expect a new report to be released?

NFINIT issues SOC 1, SOC 2, and SOC 3 Reports once a year.
New reports are usually available by mid-July.

How do I attain a copy of a SOC Report?

Existing NFINIT Clients can easily attain SOC Reports and Bridge Letters via the self-serve Compliance section on the NFINIT Client Portal. Potential Clients can receive the SOC 1, Type 2 and SOC 2, Type 2 after signing an NDA. SOC 3 Reports do not require an NDA. Please contact us if you are interested in receiving a SOC report.

What if my audit period ends after the NFINIT SOC Report period? Does NFINIT provide Bridge Letters?

NFINIT provides clients a Bridge Letter upon request. A Bridge Letter is a letter that bridges the “gap” between the most recent NFINIT SOC report end date and the date of the bridge letter.

NFINIT clients commonly provide a Bridge Letter to their auditors to cover the amount of time between the most recent NFINIT SOC report and the end of the clients’ audit period.

Under what Standard are the SOC Audit Reports performed?

SOC 1, Type 2 – AICPA Attestation Standards No. SSAE 18 and IAASB ISAE No. 3402 Standards

SOC 2, Type 2 – AICPA Attestation Standards No. SSAE 18 and IAASB ISAE No. 3000 (Revised) Standards

SOC 3, Type 2 – AICPA Attestation Standards No. SSAE 18 and IAASB ISAE No. 3000 (Revised) Standards