CU*Answers, the 100% credit union-owned, data processing CUSO, announced the availability of its most recent SSAE-18 Service Organization Control (SOC) 2, Type II report. Completed by Crowe, LLP, the report verifies the existence of internal controls which have been designed and implemented to meet the requirements for the security principles set forth in the Trust Services Principles and Criteria for Security, Availability, Processing Integrity and Confidentiality. The Type II report not only concerns the policies and procedures in place at a point in time, but validates their effectiveness over a 12-month period. This independent SSAE-18 validation of security controls is crucial for clients and their members.

“The SOC 2 report is indicative of our commitment to transparency in our security efforts,” said Patrick Sickels, CU*Answers Internal Auditor. “By having our SOC 2 report finalized, we are demonstrating to our clients and client-owners we are dedicated to continuous improvement in our security practices.”

By the CU*Answers Board of Directors resolution, CU*Answers will have an SSAE-18 SOC 2 audit every other year. In intervening years, CU*Answers will have an SSAE-18 SOC 1 audit.

The SOC 2 report can be downloaded from the CU*Answers Due Diligence web page. In addition, clients can download older SSAE reports, financial statements, insurance, software escrow reports, request bridge letters, and obtain additional information on disaster recovery/business resumption reports.