At Edgefolio, security isn’t just a buzzword or a certification to add to our website. It is a prerequisite to work with the top-tier global investment banks that we count among our customers, and as such is fundamental to everything we build and deliver. According to data from Sophos in their recent survey titled “The State of Ransomware in Financial Services 2023”, 64% of financial services organisations faced a ransomware attack in 2023, almost double the rate reported in 20211.
Our investment bank clients are among the most targeted organisations in the world for ransomware attacks, and understandably they have very aggressive security requirements. Any organisation that has successfully sold software to a bank will have passed an incredibly detailed security assessment.
Over the years, Edgefolio has been put through the security assessment wringer time and time again and has always come through with shining colours. We’ve had feedback such as “[We’ve] never seen a vendor risk assessment go through so quickly with little/no findings” and “You’ve broken bank records here!”.
Given the importance of security, the fact that Edgefolio has already met (and exceeded) the security standards required by our demanding client base, and the existence of a globally recognised framework for benchmarking purposes, it was a logical next step to have our strengths in this area officially certified via SOC2 certification.
Edgefolio is SOC2 Type 1 compliant
SOC2 (System and Organization Controls 2) compliance is a rigorous framework developed by the American Institute of CPAs (AICPA) to assess an organisation’s security, availability, processing integrity, confidentiality, and privacy controls.
SOC2 Type 1 compliance means an independent auditor has verified that Edgefolio’s controls and processes meet these stringent criteria. Our accreditation now matches our reality.
So what has changed now Edgefolio is SOC2 compliant? Well….nothing really. Only that we are now officially certified by independent assessors as meeting a standard we have met and exceeded for years. That is not to say the process was easy; supplying the data for the auditors was laborious and time-consuming, but necessary, we felt, to demonstrate our commitment to this cause. We are very proud to have achieved this level of accreditation but also recognise that this is an ongoing battle to stay ahead of bad actors.
For our non-bank clients, who may not have assessed our security credentials in the same level of detail as our investment bank clients, SOC2 compliance provides formal independent assurance of our commitment to corporate governance and system security. This will no doubt be of interest and value to our many hedge fund clients, who have long been informally aware they were receiving investment bank-grade security in our solutions. We’ve made it official.
For more information on our secure and compliant fund marketing and cap intro solutions for prime brokers and hedge funds, please get in touch.