AdvicePay Receives SOC 2 Type II Attestation

Independent Audit Verifies AdvicePay’s Internal Controls and Processes

Bozeman, MT – AdvicePay, the leading fee-payment-processing platform designed exclusively for financial advisors, today announced that it has completed its SOC 2 Type II audit, performed
by KirkpatrickPrice. This attestation provides evidence that AdvicePay has a strong commitment to security and to delivering high-quality services to its clients by demonstrating that they have
the necessary internal controls and processes in place.

A SOC 2 audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the AICPA. During the audit,
a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are tested. The SOC 2 report
delivered by KirkpatrickPrice verifies the suitability of the design and operating effectiveness of AdvicePay’s controls to meet the standards for these criteria.

“We are proud to have completed the SOC 2 Type II examination and audit for the second time. Tens of thousands of clients place their trust in our system to deliver best-in-class solutions and
safeguards to protect and secure their data,” said Alan Moore, CEO & Co-Founder of AdvicePay. “The successful completion of the SOC 2 Type II examination and audit further proves our commitment to providing the most stringent safety measures to deliver enterprise-grade solutions.”

“The SOC 2 audit is based on the Trust Services Criteria,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “AdvicePay delivers trust-based services to their clients, and by communicating
the results of this audit, their clients can be assured of their reliance on AdvicePay’s controls.” 


About AdvicePay

Established by well-known financial advisors Michael Kitces and Alan Moore, AdvicePay is the only billing and payment processing platform created specifically for fee-for-service financial
planning. Financial advisors benefit from efficient invoicing and payment workflows designed exclusively to support their businesses, including up-to-date compliance and data security
management. Users can issue agreements for client e-signature, accept ACH and credit cards, bill hourly or one-time fees, or establish recurring retainer or subscription billing compliantly –
all through the AdvicePay system. To learn more about the AdvicePay platform, visit http://www.AdvicePay.com.


About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over a thousand clients in North America,
South America, Asia, Europe, and Australia. The firm has more than a decade of experience in information security by performing assessments, audits, and tests that strengthen information
security practices and internal controls. KirkpatrickPrice most commonly performs assessments on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and FERPA
frameworks, as well as advanced-level penetration testing. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on LinkedIn, or subscribe to our YouTube
channel.

Vendor Due Diligence During a Crisis

For years, businesses have relied on third-party vendors to provide critical business functions, and this is especially true today as the surge of remote workers continues and third-party vendors work tirelessly to meet the influx in demand. Third-party vendors are also doing what they can to help offset the impact of the health crisis – they’re banding together to offer free products and services. As we all adjust to social distancing and working from home, telecommunication and collaboration services from companies like Microsoft, Google, Slack, Cisco, LogMeIn, and Zoom have tried to make it easier for people to connect by offering part of their services for free. Other software and technology providers are giving free access to premium-level products. However, as remote work becomes the new norm, these “free” services might actually turn out to be more harmful than helpful as you navigate this crisis if you don’t know what to look for before you partner with them. As businesses across the globe start to take advantage of the waived sign-up fees, longer free trial periods, and suspended payments during this time of uncertainty, they also need to be cautious of who they’re really partnering with.

What Should You Be Looking for When You Partner with Third-Party Vendors?

No matter what is going on in the world, third-party vendors will always introduce additional risks into your environment. With the uncertainty of how long the coronavirus pandemic will last, it’s more important than ever to analyze what those risks are and how they could potentially impact the continuity of your business. Here’s how you can do it.

  1. Start with the general information. Get to know the business before you sign up for anything! What is their mission statement? Does it align with yours? What are all of the services they offer? What does the company structure look like? Where are they located? How will the services continue in a WFH environment?
  2. Conduct a financial review. As the economy continues to be in distress, can you rely on the vendor to stay in business? Are they stable enough? What would be the impact to your company if they went out of business?
  3. Determine the reputational risk. Is this a well-respected company? How could partnering with them potentially damage your organization in the future?
  4. Verify insurance. A lot is out of our control right now. If you decide to partner with a third-party vendor, insurance is a necessity. You should validate that your vendor has general liability and cybersecurity insurance, as well as insurance related to any specific services.
  5. Perform an information security technical review. Now is not the time to skip steps and lack thoroughness. If you’re trusting a third-party vendor with your critical assets, you need to know what their security hygiene looks like.
  6. Review policies. To ensure you know exactly how your vendor conducts business, be sure to review their policies.

Case Study: Zoom’s Mishap

Zoom offers a variety of collaboration tools, but over the last few weeks, the company has seen a demand for their services like never before after they announced that many of their services would be free. By scaling from 10 million users per day to 200 million users, it seemed quite likely that Zoom would become an instant target for data breaches. And they were. Over the last few weeks, it seems like Zoom has faced a new security challenge every day, from “Zoombombing” to lawsuits to a ban for Google employees. This has left Zoom hurrying to remediate the exploited vulnerabilities, and it has left millions of users’ security compromised.

There is a silver lining in all of this, though. The security incidents coming from Zoom have exposed the heightened need for consumers and businesses to analyze – or even scrutinize – any third-party vendor they work with.

Don’t let this time of fear of the unknown keep you from being vigilant when it comes to protecting your business and employees against cyber attacks. Make sure you do your due diligence when partnering with third-party vendors, no matter what’s going on in the world. Contact us now to find out how we can help.
