DALLAS and BURNABY, British Columbia -

EFG Companies and Inovatec are taking extra precautions to make sure the data their clients entrust to them remains safe and secure.

Inovatec, a cloud-based software solutions provider, recently announced that it has completed its SOC 1 Type II and 2 Type II audits. The company insisted these moves demonstrate Inovatec’s commitment to high-quality service for its clients by ensuring necessary internal controls and processes are in place.

Meanwhile, EFG Companies recently achieved a new level in data security for both clients and contract holders with the Service Organization Control 2 (SOC 2) Certification under the Statement of Standards for Attestation Engagements 18 (SSAE 18) guidelines from the American Institute of Certified Public Accountants (AICPA).

Several years ago, EFG Companies recapped that it took proactive steps to secure its own data and achieved SSAE 16 certification in 2016. Since then, EFG continued its efforts to further augment the company’s security measures, investing close to a quarter of a million dollars annually on security enhancements, and achieving SSAE 18 certification in December.

According to recent risk-based security research, 3,800 publicly disclosed data breaches occurred in the first six months of 2019, exposing up to 4.1 billion records. This represented a 50% increase over the last four years.

As companies increase their reliance on technology to house personal, confidential information, that same research indicated data breach attempts are expected to increase, as well.

KirkpatrickPrice, a licensed CPA firm, performed the audit and appropriate testing of Inovatec’s controls that may affect its clients’ financial statements. SOC 1 Type II is a report on the controls at a service organization that was established by AICPA. This report follows the SSAE 18 auditing standards and focuses on the controls of a service organization that are relevant to an audit of a user entity’s financial statements.

The standard demonstrates that an organization has adequate controls and processes in place. The SOC 1 Type II audit report includes Inovatec’s description of controls as well as the detailed testing of its controls over a minimum six-month period.

SOC 2 engagements are based on the AICPA’s Trust Services Criteria. The SOC 2 service auditor report focuses on a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of Inovatec’s controls to meet the standards for these criteria.

“The successful completion of our SOC 1/2 Type 2 examination audits provides our clients with the assurance that the controls and safeguards we employ to protect and secure their data are in line with industry standards and best practices,” Inovatec information security officer Christian Reina said in a news release.

KirkpatrickPrice president Joseph Kirkpatrick added,  “Many of Inovatec’s clients rely on them to protect consumer information. As a result, Inovatec has implemented best-practice controls demanded by their customers to address information security and compliance risks.

“Our third-party opinion validates these controls and the tests we perform provide assurance regarding the managed solutions provided by Inovatec,” Kirkpatrick went on to say.

Like Inovatec, leadership at EFG Companies emphasized that SSAE 18 certification is the most widely recognized standard providing companies with a method for reporting information about the design and operation of internal systems and controls relating to privacy and security regulations. SOC 2 reports evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality and privacy.

“Over the last few years, we’ve enhanced our digital capabilities to integrate seamlessly with our client’s systems, while also ensuring the security of their proprietary information and private consumer data,” EFG Companies vice president of technology Maurice Hamilton said in a separate news release.

“We methodically complete every technology enhancement, with both usability and security in mind.”

EFG Companies stressed the SSAE 18 certification demonstrates to clients and contract holders that the firm has the necessary processes in place to ensure that personal and confidential information is more secure than almost any other product provider.

With the amount of confidential consumer information collected in the retail automotive industry, data security is mission critical to successfully conducting business going forward, according to John Pappanastos, president and chief executive officer of EFG Companies

“In this digital era, our dealer and lender clients rely on EFG’s technology for everything from rating products and processing claims to reviewing reinsurance positions and billing,” Pappanastos said.

“Additionally, as the automotive industry moves into online retailing, dealers, lenders and manufacturers have recognized the need to not only protect their own data, but also partner with administrators that have the same laser focus on data security and compliance,” he went on to say.