TaxBit Is Independently SOC 2 Certified; What Does That Mean?

TaxBit builds its product platform using industry-standard risk and security frameworks. We'll always be dedicated to following security best practices.

By: Brian Nmezi

Director, Risk and Security

At TaxBit, we understand your security and privacy are of the utmost importance. Whether you’re an investor who wants to protect your own data, or a company that wants to extend that protection to its users’ data, we’ve got you covered.

While System and Organization Controls (SOC) certification isn’t formally required, TaxBit is proud to announce that we have completed another year of the SOC 2, Type 2 compliance audit. The TaxBit team understands data security is critical, and we seek to meet the highest standards in cybersecurity and risk management.

A SOC examination tests the strength of an organization’s internal controls. During the process, SOC auditors also provide objective feedback and action items to help improve safety and reliability.

Below, learn more about the importance of a SOC 2 report and the information it contains. We hope it provides you with strong peace of mind when you’re using our platform.

What is SOC 2? 

A SOC 2 report evaluates data security and storage. Auditors take the following into consideration:

  • What the company wants to communicate to its users

  • User needs

  • Organizational controls in place to ensure user needs are met in a safe and secure environment

During a SOC 2 audit, a company is measured against the Trust Services Criteria. The relevant elements of the Trust Services Criteria are:

  • Security

  • Availability

  • Processing Integrity

  • Confidentiality

  • Privacy

During a SOC audit, many areas of a company are examined; in addition to its infrastructure and software, auditors will also look at a company’s employees and its policies and procedures.

What is SOC 2, Type 2? 

When a SOC 2, Type 2 audit is conducted, the assessment process includes vendor risk management and third-party penetration testing. The Type 2 designation means assessed controls are in place and have been followed for the entirety of the audit period.

Why is it important for TaxBit to have SOC 2, Type 2 certification? 

Due to an ever-changing security landscape, TaxBit builds its award-winning product platform using industry-standard risk and security frameworks.

Our architecture has built-in, effective cybersecurity protection and strict data privacy governance.

We dedicate ourselves to following security best practices, which include:

  • Least privilege access model for production environments

  • Continuous monitoring of servers and endpoints

  • Robust threat and vulnerability management program

  • Thoroughly tested security incident response plan

  • Encryption of data in motion and at rest

  • Well-established and effective enterprise risk management program

  • Third-party network and application penetration tests

Who performs a SOC 2 audit? 

The final report is always issued by a certified public accountant (CPA). However, many accounting firms and other CPA organizations employ cybersecurity professionals to assist with the audits.

CPAs must be licensed and certified by the American Institute of Certified Public Accountants (AICPA) to perform a SOC audit.

A SOC 2 report is backed by a whole host of professionals dedicated to creating the strongest possible security practices.

Next steps

The SOC 2, Type 2 audit isn’t a one-time audit; TaxBit will continue to meet its requirements on an annual basis.

We look forward to continually showing TaxBit’s commitment to implementing and exercising world-class security principles for our customers.
