Why We Went for SOC2

Okay AS
For us, organisational security has been high on the agenda, so we started a new compliance process in 2021 after completing the most recent round of product compliance. There were a couple of “standard frameworks” we reviewed, but we ultimately decided to opt for SOC2.

Product Compliance First, Organisational Compliance Second

The first priority was to make sure that our product, the Okay Strong Customer Authentication platform, complied with the Regulatory Technical Standards of PSD2. We updated our compliance in 2020 and early 2021 with Prosa and SRC GmbH. There is no such thing as a certification with PSD2, but a thorough audit of the product and service guaranteed our customers that they could integrate a compliant solution into their overall PSD2 effort.

The organisation’s security and resilience were the next high-priority items in line, as they are part of the overall service we provide. For this we looked at two frameworks: the first was SOC 2, an audit framework designed by the American Institute of Certified Public Accountants (AICPA) to assess the security of organisations. The second was ISO/IEC 27001 (or ISO27001), an international standard published by the International Organisation for Standardisation (ISO). We chose the former.

So, Why SOC2?

SOC2 is American, while ISO27001 is European. Given our focus on PSD2, we are clearly set in Europe, at least for now. So why did we go for SOC2?

We thoroughly reviewed both options and what it would mean for our organisation. SOC2 looked like a more appropriate step towards compliance for a lean organisation like Okay, and would allow us to focus on the most important aspect for our customers – security. We even compared the InfoSec (Information Security) requirements from our customers with SOC2 requirements. The conclusion? It made sense as we generally had a good match.

We also opened up the topic with our customers, prospects and partners. Although SOC2 comes from America, it is well perceived in our market by our stakeholders, and represents a token of our efforts to secure our processes and systems.

Continue reading at okaythis.com/blog.
