It’s Official: Monit is SOC 2 Compliant!

We’re excited to announce that Monit is SOC 2 Type I compliant! Committed to building trust with our partners, end-users, and the marketplace, we’re able to assure our customers of the highest standards of information security and protection.

Monit is a digital intelligence tool that empowers small-to-medium-sized businesses to manage cash flows and receive personalized, actionable financial advice all in one place, as an intelligence layer integrated with their existing accounting software. Monit is provided to business owners by their bank or credit union. With data and insights at the heart of the application, assuring that data is secured is paramount and our top priority. Our SOC 2 audit was a crucial step in the promise of building a more secure ecosystem.

What is a SOC 2?

As the gold standard of information security certifications, Service Organization Control (SOC) reports are based on five American Institute of Certified Public Accountants (AICPA) trust services criteria. Our audit passed on all five accounts, which include:

1. Security
2. Availability
3. Processing integrity
4. Confidentiality
5. Privacy

Our Type I report addressed that all information stored on the application is secured due to the design and structure of the proper controls, policies, and procedures.

The Preparation Process

In achieving the certification, Monit worked with Laika to create a bespoke compliance program. Our preparation process included building policies, controls, and documents that were key components for the certification. As an organization, we created policies that all internal employees must abide by, and controls, or specific activities, everyone must perform to satisfy the respective policies.

After completing all policies and implementing the associated controls, Monit went through a SOC 2 readiness assessment to test the following requirements needed for audit:

1. Policies: Principles and rules are established and properly adopted
2. Evidence: Controls can be demonstrated to prove the effectiveness
3. Procedures: Methods are deployed to express how controls are expressed day-to-day
4. Tools: Programs selected are defined in the policies and procedures, and provide supporting evidence

The Audit Process

After seamlessly passing the readiness assessment, Monit partnered with Grassi & Co, a leading licensed CPA audit firm, to define the scope of the audit, evaluate the policies and procedures, and determine the controls to implement to reduce any risk. Because we thoroughly prepared with Laika’s concierge architects and anticipated a majority of the auditors’ questions, our audit experience was a smooth process with limited back and forth.

The process began with an initial kickoff meeting, during which we shared documentation, evidence, additional reports from the Laika platform. After the kickoff, the audit itself was fast and streamlined, and Monit acquired the report after roughly three weeks.

What We Learned

Throughout the process, we learned a few things:

1. Security and compliance isn’t just a checkbox

With data privacy dominating headlines regularly, consumers expect strong security protocols. And, maintaining that high level of security isn’t a one and done affair. It takes ongoing work to maintain controls, cultivate compliance culture, and prepare for a SOC 2 re-audit.

2. Having a platform is better than a piece of paper

While going through the decision-making process, Monit evaluated various options including audit only options. The centralized Laika system housing documents, processes, control evidence, and vendor management all in one place proved to be the deciding factor. It is useful not only for audit preparation but also as we grow and onboard new people. Walking them through our security standards in one place is extremely efficient.

3. Working with experienced partners ensures success

Having a security-first mentality is step one. Finding and working with partners who can navigate the landscape and ensure the successful implementation of our security goals made all the difference. We acknowledge all of our partners and vendors who helped make our goals a reality and appreciate their considerable efforts.

What’s Next

We believe growth starts from a secure, strong foundation, and our SOC 2 Type I certification is a testament to Monit’s commitment to data protection. As we continue to grow, information security and privacy will always remain our top priority.

Monit will continue to pursue certifications that demonstrate our commitment to the highest security standards in the industry. As such, we are preparing for our SOC 2 Type II preparation and audit in 2021.