Citadel ID obtains SOC 2 Type II, becoming the most secure payroll API platform

We’re excited to announce that Citadel ID, a platform for connecting to over 100M payroll accounts via a single API, has received SOC 2 Type II certification.


What is SOC 2 Type II?

SOC 2 is a deep, external audit delivered in a detailed final report that closely examines a company’s information systems to ensure they meet the highest standards for information security. SOC 2 reviews are based on the AICPA’s Trust Services Criteria.

The certification underscores our adherence to one of the most stringent, industry-accepted auditing standards for software companies and provides additional assurance to our clients, through an independent auditor, that our business process, information technology and risk management controls are properly designed. 

We needed a SOC 2 report to prove that our information security was up to par, especially since we are in the business of handling very sensitive data. We work with some of the largest and most highly regulated companies in the US and being certified is a necessity to accelerate Citadel’s adoption. Now that our certification is complete, having our security monitoring in a central system makes it easier to ensure compliance on an ongoing basis.

SOC 2 Type II Certification

Citadel’s SOC 2 Type II examination was performed by Dansa D’Arata Soucia LLP, facilitated by Vanta, and our compliance certification began May 1st, 2021. A huge shout-out to Johannes Grasser, our Director of Operations, who put many hours into this certification over the past 6 months and was the driving force behind becoming SOC 2 Type II compliant.

The official audit report provides a thorough review of our internal controls, policies, and processes for verification of employment and income, switching direct deposit and connecting HR admin accounts to an app. It also reviews our processes relating to risk management and subservice (vendor) due diligence, as well as our entire IT infrastructure, software development life cycle, change management, logical security, network security, physical & environmental security, and computer operations.

A copy of Citadel ID’s SOC 2 Type II report can be shared with our prospective customers under NDA. As a first step, please schedule a demo.
