Treasure recently completed AICPA Service Organization Control (SOC) 2 Type I Audit, which demonstrates our commitment to protecting client data.
When discussing the corporate values that are most important to Treasure and our clients, there is no question that principles related to security and compliance guide how we deliver our products and services. Treasure’s commitment to these values enables our customers to simply and securely access the digital world with their important financial data.
Secure Personnel
Treasure is vigilant about the security of our clients’ data, as well as our own. We ensure that only vetted and approved personnel are given access to these resources. Our embedded culture of security includes annual employee security training, as well as ongoing testing using current and emerging techniques and attack vectors. Some examples of how Treasure prioritizes security as a core value include:
- All of our employees and contractors undergo background checks prior to being engaged or employed at Treasure in accordance with local laws and industry best practices.
- Confidentiality agreements or other types of NDAs are signed by all of our employees, contractors, and others who access sensitive or internal information.
Cloud Security
To ensure clients always have peace of mind when using our platform, Treasure’s cloud provides maximum security with complete customer isolation in a modern, multi-tenant cloud architecture.
Our cloud leverages the native physical and network security features and requires providers to maintain the infrastructure, services, and physical access policies and procedures.
All Treasure customer cloud environments and data are isolated using a proprietary isolation approach. That means that each customer environment is stored within a dedicated trust zone to prevent any accidental or malicious co-mingling. All of our customer data are also encrypted at rest and in transmission to prevent any unauthorized access or data breaches. The entire Treasure platform is also continuously monitored by dedicated, highly trained experts.
We separate each customer’s data from Treasure’s data by utilizing unique encryption keys to ensure all of the data are protected and isolated. Our client’s data protection complies with SOC 2 standards to encrypt data in transit and at rest, ensuring customer and company data and sensitive information are protected at all times. Lastly, we implement role-based access controls and the principles of least privileged access and revoke access as needed.
Compliance Security
Treasure is committed to providing secure products and services to safely and easily manage billions of digital identities across the globe. Our external certifications provide independent assurance of our dedication to protecting our customers by regularly assessing and validating the protections and effective security practices that we have implemented for our clients.
SOC 2 Type 1
We are excited to announce that Treasure successfully completed the AICPA Service Organization Control (SOC) 2 Type I Audit. The audit confirms that Treasure’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.
To prepare for the SOC 2 Audit, we utilized the Vanta automated security platform. Treasure was audited by Prescient Assurance, a leader in security and compliance certifications for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting firm in the U.S. and Canada and provides risk management and assurance services, which includes but is not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, CSA STAR, etc.
This SOC 2 Type I audit report demonstrates to Treasure’s current and future customers that we manage their data with the highest standard of security and compliance. Customers and prospects can request the SOC2 audit report.
For Treasure, ensuring security for our customers is the first pillar in building a trusting, successful relationship. Treasure will continue to pursue appropriate certifications like the SOC 2 Audit, as well as maintain ongoing testing and ensure compliance to all appropriate security regulations. Treasure customers can rest assured that security is our priority and that we’ve taken every available step to protect them and their data.
Scott Williams (Chief Compliance Officer)
Treasure Investment Management, LLC
Disclaimer: The views and opinions in this piece are just the authors' own, offered to the public at large and not to any one particular investor.