Finxera Receives SOC 2 Type I Attestation Report, HIPAA Security Rule Compliance Report, and PCI Report on Compliance
Independent Audit Verifies Finxera’s Internal Controls and Processes, HIPAA Security Rule Compliance, and PCI Compliance
San Jose, CA – April 2017 – KirkpatrickPrice announced today that Finxera, a payments solutions software company, has received their SOC 2 Type I attestation report, HIPAA Security Rule Compliance Report, and PCI Report on Compliance (RoC). The completion of these engagements provides evidence that Finxera has a strong commitment to deliver high-quality services to its clients by demonstrating they have the necessary internal controls and processes in place.
SOC 2 engagements are based on the AICPA’s Trust Services Principles. SOC 2 service auditor reports focus on a Service Organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of Finxera’s controls to meet the criteria for these principles.
“The SOC 2 audit is based on the Trust Services Principles and Criteria. Finxera has selected the security, availability, processing integrity, and confidentiality principles for the basis of their audit,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “Finxera delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Finxera’s controls.”
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is a national standard set for the protection of consumers’ Electronic Protected Health Information (ePHI). The ePHI that an organization manages must be protected from anticipated breaches by mandating a Risk Assessment and implementing appropriate Physical, Administrative, and Technical Safeguards. HIPAA laws are regulated by the Office of Civil Rights (OCR) and are meant to protect against unauthorized use and disclosure of ePHI.
“We determined from our review that Finxera has good technical controls in place in accordance with industry-accepted standards, and appropriate physical and environmental controls and is in compliance with all HIPAA Security Rule standards,” said Joseph Kirkpatrick, Managing Partner at KirkpatrickPrice. KirkpatrickPrice’s independent audit determined that all access controls to ePHI stored on Finxera systems are in compliance with HIPAA requirements.
KirkpatrickPrice also performed the audit and appropriate testing of Finxera’s controls that are relevant to the storing and transmitting of information from credit, debit, or other payment cards. In accordance with the PCI Security Standards Council, KirkpatrickPrice’s Qualified Security Assessors assisted Finxera in becoming PCI compliant. The PCI Data Security Standard is a complex security standard that focuses on security management, policies, procedures, network architecture, software design, and other critical protective procedures. These security standards are relevant to any merchant or service provider that uses, stores or transmits information from a payment card.
“Many of Finxera’s clients rely on their systems to process or store sensitive data and protect information,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “As a result, Finxera has implemented best practice controls demanded by their customers to address information security and compliance risks. Our third-party opinion validates these controls and the tests we perform provide assurance regarding the accounts receivables management services provided by Finxera.”
“Maintaining the consumer’s trust is a critical requirement to provide our services. We are responsible for the care and management of our consumers’ personal and financial information as well as their funds,” said Praveer Kumar, CTO and Founder. “Confirmation by KirkpatrickPrice, LLC that Finxera’s security measures and compliance standards are at the highest levels in the industry gives our consumers the comfort and trust that their information is secure.”
Finxera, which was launched in 2011, provides a suite of API-driven financial applications, coined “CORE,” that allows developers to rapidly deploy payment services within their apps, including credit card payments, ACH transfers, peer-to-peer payments, multi-party transactions, wire transfers, check acceptance, and more.
Finxera leverages its national Money Transmitter Licenses and nationwide banking partners to provide FDIC-insured stored value accounts as the cornerstone of the integrated CORE applications. Finxera offers approved channel partners a comprehensive technology and compliance platform to meet the requirements of banking and money transmission regulations. http://www.finxera.com/
About KirkpatrickPrice, LLC
KirkpatrickPrice is a licensed CPA firm providing assurance services to over 550 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 10 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SSAE 16, SOC 2, HIPAA, PCI DSS, ISO 27001, FISMA, and CFPB frameworks. www.kirkpatrickprice.com.