News

Briza Successfully Completes SOC 2® Type 2 Examination

Rakesh
January 26, 2022

We know how essential data security is to our partners, which is why we are pleased to announce that Briza is now SOC 2 Type II compliant. Meeting SOC 2 compliance is a key part of Briza’s ongoing commitment to our existing and future customers who can be confident about the security of their insurance data with Briza. 

A SOC 2 Type II report is granted after a company undergoes an auditing process administered by an independent, third-party audit firm. Successfully completing the SOC 2 examination signifies Briza has voluntarily developed and implemented a system of controls and operational processes to meet a renowned security standard of excellence.

What is SOC 2, and why does compliance matter?

Briza has successfully completed a System and Organization Control (SOC) 2 Type II audit. The SOC 2 Type II report was attested to by a licensed and independent audit firm and issued without any noted exceptions, and therefore was issued with a “clean” audit opinion. 


SOC 2 Type II Report

This is a report on the suitability of the design and operating effectiveness of the controls implemented on our core systems, ancillary system components and business processes that enable our principal service which is Briza’s unified API and other supporting services. Importantly, it provides assurance to external parties with respect to security and availability of the systems enabling Briza’s unified API, and confidentiality of the information processed by these systems.

SOC 2: Significance

SOC 2 audits are rigorous, and SOC 2 Type 2 reports are attested per the SSAE-18 standards published by AICPA. The SOC 2 framework includes the 17 principles of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control — Integrated Framework, along with supplemental controls. Briza’s implementation of security controls aligns with the COSO principles and the supplemental controls. 

We have put in place continuous monitoring of the health of these controls by leveraging automations in almost all areas, and we have a dedicated team that oversees its performance. Below are some numbers that give an overview of the efforts that we had put in for the 2021 SOC 2 audit cycle.

  • 3 Trust Service Criteria: Security, Availability and Confidentiality
  • 17 COSO Principles
  • 86 Security controls implementation
  • 117 Audit tests of the effectiveness of control implementation 
  • 37 Security related documentations

Our Commitment

Briza has committed to ensuring that the company adopts industry best security practices, and will be proactive in mitigating risks related to the confidentiality, availability, and security of the information that we process and handle. We continue to make significant investments in this regard. The achievement of the SOC 2 report with a clean audit opinion is a testament to this commitment, and provides assurance to our partners present and future. 

If there is a requirement to review Briza’s SOC 2 Type 2 report, please write to marketing@briza.com. For any questions pertaining to the SOC 2 report, please write to security@briza.com


Rakesh

With over a decade of experience in the security domain, Rakesh is fuelled by the passion to inspire everyone in the organization to identify themselves as champions of security. And ensuring that the organization as a whole is invested and committed to the security, availability and confidentiality of the data that is entrusted with them. In his spare time, he likes to do long distance running and sculling.

Related