Insurtech, CDL, has achieved the exacting System Organisation Controls (SOC) 2, Type II certification – the compliance certification for cloud-only services. In random sampling across hundreds of control measures, CDL consistently demonstrated the highest standards of security and availability.
The outcome of the rigorous examination and evaluation of the evidence-based audit by an independent third party validates CDL’s capabilities and the security effectiveness of the systems and processes it has in place for handling client data.
SOC 2 audits are essential in assessing vendor management programmes, regulatory oversight, and internal governance and risk management. As defined by the American Institute of Certified Public Accountants (AICPA), the criteria measured are based on five trust service principles, namely: security, service availability, processing integrity, confidentiality, and privacy.
As part of the review process, CDL submitted a wealth of evidence from across its entire cloud inventory which was judged against several hundred controls, including the specific configuration of security tools. Alex Haynes, Chief Information Security Officer at CDL, summarises: “In short, the assessment scrutinises everything that is in the cloud, or connected to the cloud.”
The controls test and evidence CDL’s products, including Strata – the end-to-end retail platform for powering high volume insurance transactions – and Hummingbird, the data intelligence solution for searching and analysing millions of data records. The result also confirms the company’s required security controls to protect customer data, easily detect anomalies and violations across the entire ecosystem, and prevent risk and quickly repair damage in the rare case of data breaches or system failure.
Haynes continues: “At CDL, we have a strategic focus on cloud-only products and services, so achieving SOC 2 Type II principles – something viewed as the ‘gold standard’ in cloud compliance certification – means our existing and future clients can be assured their data we’re entrusted with is in safe hands.”
CDL will continue to engage with the SOC 2 process to complete assessments for the remaining trust service principles of integrity, confidentiality, and privacy.