LegitScript, the leader in merchant and product certification and monitoring in the e-commerce and payment sectors, announced its successful completion of a Service Organization Control (SOC) 2 examination and Type II compliance, as well as ISO 27001 certification. Meeting these two standards further strengthens LegitScript’s commitment to being a trusted and secure partner for its clients and their data assets.
A SOC 2® assessment involves an independent audit of many aspects of a company’s practices, including employee controls and training, IT systems and risk management control, product discipline, and vendor selection. The SOC 2 report from A-LIGN, which is recognized globally for its rigor, involves a careful review of a company’s systems and organizational controls.
“Completing this audit is critical in our line of work because we partner with payments companies, internet platforms, and government agencies, all of whom have data assets that are particularly sensitive and critical,” said CEO Scott Roth. “We want our clients to have the highest confidence that LegitScript adheres to best practices to keep their information secure.”
The standards for SOC 2 compliance are set by the American Institute of Certified Public Accountants (AICPA). LegitScript successfully completed its initial SOC 2 Type I audit and then continued to advance through the process, receiving Type II compliance in December 2021. While a Type I assessment indicates compliance on a specified date, a Type II assessment is more thorough because it verifies compliance throughout a specified period. Testing will be ongoing to ensure continued compliance.
In addition to the widely recognized US SOC 2 assessment, LegitScript also recently achieved ISO 27001 certification. ISO 27001:2013 is the internationally recognized standard for information security management and, like LegitScript’s SOC 2 Type II certification, it will be audited annually for ongoing measurement and improvement.
“In an age where everyone is at risk of security breaches, companies need to carefully consider the practices of vendors who handle their data,” Roth said. “Completion of these two audits sets LegitScript apart in the e-commerce monitoring space. Not only do we provide the leading monitoring and certification services for high-risk industries, but we now also demonstrate the highest commitment to organizational security.”