Why We Went for SOC2

Share this post

For us, organisational security has been high on the agenda, so we started a new compliance process in 2021 after completing the most recent round of product compliance. There were a couple of “standard frameworks” we reviewed, but we ultimately decided to opt for SOC2.

Product Compliance First, Organisational Compliance Second

The first priority was to make sure that our product, the Okay Strong Customer Authentication platform, complied with the Regulatory Technical Standards of PSD2. We updated our compliance in 2020 and early 2021 with Prosa and SRC GmbH. There is no such thing as a certification with PSD2, but a thorough audit of the product and service guaranteed our customers that they could integrate a compliant solution into their overall PSD2 effort.

The organisation’s security and resilience was the next high priority item in line, as they are part of the overall service we provide. For this we looked at two sets of frameworks: the first was SOC 2, which is an audit framework designed by the American Institute of Certified Public Accountants (AICPA) to assess the security of organisations. The second was ISO/IEC27001 (or ISO27001), an international standard published by the International Organisation for Standardisation (ISO). We chose the former.

So, Why SOC2?

SOC2 is American, while ISO27001 is European. Given our focus on PSD2, we are clearly set in Europe, at least for now. So why did we go for SOC2?

We thoroughly reviewed both options and what it would mean for our organisation. SOC2 looked like a more appropriate step towards compliance for a lean organisation like Okay, and would allow us to focus on the most important aspect for our customers – security. We even compared the InfoSec (Information Security) requirements from our customers with SOC2 requirements. The conclusion? It made sense as we generally had a good match.

We also opened up the topic with our customers, prospects and partners. Although SOC2 comes from America, it is well perceived in our market by our stakeholders, and represents a token of our efforts to secure our processes and systems.

Continue reading at okaythis.com/blog.

 

Article by Okay AS

More To Explore

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?