SOC Certification

At FSSI, we recognize the importance of ensuring the highest level of trust services for our security-conscious clients.

Since 2007, we’ve continuously met or exceeded the American Institute of Certified Public Accountants (AICPA) requirements, enhancing our network infrastructure and security practices to provide the highest levels of availability, reliability and continuity.

Successful completion of an annual SSAE-18 Type II audit signifies compliance with the AICPA attestation standards, providing clients in highly-regulated industries with the documentable assurance that their confidential customer data is being handled in accordance with strict industry standards. 


FSSI Meets SOC Compliance

FSSI is committed to industry-accepted auditing standards. We earned our first SAS70/SOC 1 (Service Organization Controls) and SOC 2 audit in 2016, and now maintain all three available SOC reports under the SSAE-18 Type II examination audit. Successful SOC compliance confirms that for the period covered, our processes met or exceeded specific objectives for:

  • Financial Reporting Controls
  • Physical and Environmental Security
  • Information Security
  • Data Confidentiality and Privacy
  • Print, Mail and ePresentment Operational Controls
  • Availability and Access Controls
  • Subservice Organization Controls

Other security tests are performed in conjunction with the SSAE-18 Type II certification audit, including: network vulnerability, social media and a risk assessment review.

In total, passing results affirm FSSI’s commitment to providing clients with best-in-class services, satisfying their mandated security requirements, and vigilantly safeguarding consumer data.


Successful SSAE-18 Audits in Multiple Locations

SOC 2 Type II Logo

Since 2007, FSSI has successfully completed the SSAE-18 Type II audits with zero exceptions – also successfully completing audits for both FSSI locations (Santa Ana, California, and Coppell, Texas) since 2019. This included passing dual SOC 1 and SOC 2 audits, prioritizing security and enhancing our network infrastructure to provide even higher levels of availability with comprehensive processes and controls.

Then and now, we are committed to employing the latest and most advanced technologies and practices to maintain the safety and integrity of client information. This includes installing redundant state-of-the-art Storage Area Network (SAN) systems and software in both Santa Ana and Coppell with replication of all production and application data, in addition to implementing new security measures for logging and event tracking, and tools for backup and recovery.

Our clients can expect us to conduct this audit every year, with results available to those who request it.


What is SSAE-18 Type II Certification?

SSAE-18 superseded SSAE-16 in 2017 as the audit standard for service organization auditors. SSAE-18 was adopted by the AICPA with the goal of establishing a more uniform quality reporting standard and increasing internal controls over subservice organizations. 

“Service Organization Controls” (SOCs) refer to the reports supplied to a company’s internal auditors and/or regulators following an audit. SOC reports are identified as 1,2, or 3, depending on the focus and extent of process control testing:

SOC 1 establishes the requirements for business process controls related to financial reporting.

SOC 2 establishes the requirements for Trust Services Principles (TSP) which describes the principles on which the operating effectiveness of a service organization’s controls are measured: security, availability, processing integrity, confidentiality, and privacy.

SOC 3 is a general use report that can be freely distributed to the public based on SOC 2, which can only be shared internally or under an NDA.


Partner with an SSAE-18 Certified Printing Company

FSSI is well-versed in the security and data practices necessary to handle confidential customer information and remain compliant. Contact us online or call us at (714) 436-3300 to learn how we continually reinvest in our infrastructure to meet evolving data security and privacy needs.