Back to all articles

Prevent, Analyze, and Secure: How SSAE18 (Soc 2 Type 2) And ISO 27001 Protects Your Financial Data With Brendon Scheideler

Company News

At BlueMatrix our systems have seen a steady growth in use and volume of research reports published – averaging over 1.6 million each year. During the pandemic and the years since, there is a stepped increase in content published, which is indicative of both a desire to better understand markets, but also our increasing reliance on information and data systems.

Keeping this data secure is a primary concern, and we endeavor to follow the highest standards in security to maintain integrity across our infrastructure.

“We are proud to be both SSAE18 (SOC 2 Type 2) and ISO27001 certified for all our global operations.” said Brendon Scheideler, Information Technology Officer at BlueMatrix. “Any business attempting to preserve, provision, and protect this critical resource will need to understand the consequences of a breached computer network. Severe data loss is not only financially devastating but invites legal investigation. Establishing clear protocols are essential for robust cybersecurity in financial services.”

To mitigate these concerns, the need for vendors, especially those for financial services, require a comprehensive, internationally recognized standard to protect data assets and reassure all stakeholders. Key to this is ISO27001, an international standard for information security management systems (ISMS), and SOC 2 Type 2 (or SSAE18) a yearly compliance and auditing system.


What is SSAE18 (SOC 2 Type 2)?

A SOC 2 investigation is a report on the security, availability, processing integrity, confidentiality, or privacy controls at a service organization. The purpose of SOC 2 reports is to satisfy the demands of a wide range of users who require in-depth information and assurance about the controls at a service organization. This is related to the security, availability, and processing integrity of the systems used by the service organization to process users' data as well as the confidentiality and privacy of the information processed by these systems.


What is ISO27001?

It is a comprehensive set of requirements that organizations must meet to protect their information assets. The standard provides a framework for organizations to identify, assess, and manage risks associated with their information assets. It also provides guidance on how to implement appropriate controls to mitigate those risks.

ISO 27001 is designed to help organizations protect their information assets from unauthorized access, use, disclosure, modification, or destruction. It is also designed to ensure that organizations have the necessary processes in place to ensure the confidentiality, integrity, and availability of their information assets.

Key benefits for financial services

1.Recognized Standard: ISO 27001 provides a comprehensive set of security controls and processes that help protect a firm’s data and systems from unauthorized access, malicious attacks, and other security threats.

2. Increased Confidence: By implementing ISO 27001, firms can demonstrate to customers that they are taking the necessary steps to protect their data and ensure their privacy. This can help build customer trust and loyalty.

3. Cost Optimization: ISO 27001 can help firms lower their internal costs by attempting to prevent incidents rather than reacting to them.

4. Improved Regulatory Compliance: Firms that implement ISO 27001 and SOC 2 Type 2 can demonstrate that they are meeting the necessary security requirements.

5. Increased trust: Certification provides external independent approval of our systems.

BlueMatrix is fully certified in both ISO27001 and SSAE18 ensuring our systems and data is continually maintained to recognized industry standards. To understand how we are the preferred choice for investment research, please speak to one of our consultants.