CapAcuity has constructed and is committed to maintaining a robust, leading-edge information technology platform, which is overseen by our Chief Technology Officer and in-house technology development team. Our primary goals are to ensure the security and reliability of these proprietary systems, and to protect the financial data and other sensitive information of our clients.
CapAcuity undergoes an annual service organization control-1 type II audit (SOC-1). A SOC-1 is an independent audit of our organizational controls, policies and practices. This audit provides clients and their financial auditors assurance that the results we’re reporting are accurate.
Further, it allows our clients to readily comply with mandated financial laws and regulations (e.g. Sarbanes-Oxley), to enhance their adherence to corporate responsibilities and combat corporate and accounting fraud. Our auditors have consistently issued CapAcuity a clean SOC-1 report with no exceptions.
In addition, CapAcuity undertakes an annual service organization control-2 type II audit (SOC-2). This independent audit of our organizational policies and practices serves to validate the controls surrounding our operations and compliance.
Although a SOC-2 audit only requires auditing the security trust service criteria (TSC), we voluntarily undergo SOC-2 audits for all five TSCs: security, availability, processing integrity, confidentiality and privacy. A SOC-2 represents the highest level of audit for non-healthcare firms (most leading tech companies undergo SOC-2 audits).