Compliance Standards

As a service provider that shares security responsibilities with its clients, NFINIT is committed to helping our clients meet their regulatory requirements.

COMPLIANCE

Companies of every size and industry face the challenge of meeting complicated and ever-evolving compliance requirements. These requirements include SOC, HIPAA, HITRUST CSF, PCI, ISO, NIST and more. As a service provider that shares security responsibilities with its clients, NFINIT is committed to enabling our clients’ compliance. Compliance enablement starts with working with clients to identify their needs, and then designing a solution that keeps their environment compliant and secure. In addition, NFINIT undergoes annual SOC audits performed by a third-party auditor.

SOC Overview

System and Organization Controls (SOC) Reports demonstrate how NFINIT achieves key compliance controls and objectives, which helps our clients and their auditors understand the NFINIT controls established to support operations and compliance.

SOC 1, Type 2

What is it?

A description of the NFINIT control environment and an external audit of NFINIT-defined controls and objectives.

What is the Primary Purpose?

To provide information to customers and their auditors about NFINIT’s control environment that may be relevant to their internal controls over financial reporting.

SOC 2, Type 2

What is it?

A description of the NFINIT control environment and an external audit of NFINIT controls that meet the AICPA Trust Services Principles and Criteria for Security and Availability.

What is the Primary Purpose?

To provide customers and users who have a business need with an independent assessment of NFINIT’s control environment relevant to system security and availability.

SOC 3 Report

What is it?

A general use report that can be freely distributed and that demonstrates NFINIT has met the AICPA Trust Services Principles and Criteria for Security and Availability.

What is the Primary Purpose?

To provide customers and users with an independent assessment of NFINIT’s control environment relevant to system security and availability without disclosing NFINIT internal information. SOC 3 reports can be freely distributed.

FAQ

What period do the NFINIT SOC Reports cover?

NFINIT SOC 1, SOC 2, and SOC 3 Reports cover a 1-year period (May 1st through April 30th).

How often are the NFINIT SOC Reports issued and when can I expect a new report to be released?

NFINIT issues SOC 1, SOC 2, and SOC 3 Reports once a year.

New reports are usually available by mid-July.

How do I obtain a copy of a SOC Report?

Existing NFINIT Clients can easily obtain SOC Reports and Bridge Letters via the self-serve Compliance section on the NFINIT Client Portal. Potential Clients can receive the SOC 1, Type 2 and SOC 2, Type 2 after signing an NDA. SOC 3 Reports do not require an NDA. Please contact us if you are interested in receiving a SOC report.

What if my audit period ends after the NFINIT SOC Report period? Does NFINIT provide Bridge Letters?

NFINIT provides clients a Bridge Letter upon request. A Bridge Letter is a letter that bridges the “gap” between the most recent NFINIT SOC report end date and the date of the bridge letter.

NFINIT clients commonly provide a Bridge Letter to their auditors to cover the amount of time between the most recent NFINIT SOC report and the end of the clients’ audit period.

Who performs the independent third-party audit of NFINIT for the SOC Reports?

Moss Adams LLP

Under what Standard are the SOC Audit Reports performed?

SOC 1, Type 2 – AICPA Attestation Standards No. SSAE 18 and IAASB ISAE No. 3402 Standards

SOC 2, Type 2 – AICPA Attestation Standards No. SSAE 18 and IAASB ISAE No. 3000 (Revised) Standards

SOC 3, Type 2 – AICPA Attestation Standards No. SSAE 18 and IAASB ISAE No. 3000 (Revised) Standards