We’re proud to announce we’re SOC2 Type 2 compliant. At RootFi, we make it easy, safe and reliable for you to access your business customers’ accounting data.

Since we’re helping you connect to sensitive financial information, prioritising security is crucial. Our SOC2 Type 2 Compliance, in addition to our ISO Certification, is another sign of our commitment to maintaining the highest level of security for your and your customers’ sensitive information.

What is SOC2?

Service Organization Control 2, or SOC2, is a set of criteria that the American Institute of Certified Public Accountants (AICPA) designed to evaluate a service organisation's controls and processes related to data security, availability, processing integrity, confidentiality, and privacy. It assesses how well a company safeguards customer data and ensures the organisation meets the highest data security and privacy standards.

SOC1 vs SOC2

In essence, SOC1 focuses on internal controls for financial statements and reporting, while SOC2 focuses on compliance and operations, especially when a company is a SaaS provider or uses cloud services. SOC1 is more appropriate for companies that can affect a customer’s financial statements, while SOC2 is more suited to companies that connect, process, transmit or store any type of customer data. Since RootFi helps you interact with your customers’ financial data, we underwent a SOC2 audit.

SOC2 Type 1 vs Type 2

SOC2 Type 1 evaluates a company’s security controls against the trust principles at a specific point in time and can typically be assured within a few weeks, while SOC2 Type 2 assures the same security practices over time. In other words, SOC2 Type 2 evaluates the operational effectiveness of a company’s security controls over time and can typically take months to assure.

Why is SOC2 compliance important?

SOC2 compliance, though voluntary in nature, is crucial for any organisation handling sensitive customer data. It demonstrates that a company has implemented and adhered to the necessary controls and procedures to protect data from unauthorised access, theft, or data breaches. By achieving SOC2 compliance, RootFi reinforces its commitment to data security and gives you peace of mind knowing your customers’ data is secure.

What does SOC2 compliance mean for RootFi and you?

As a SOC2-compliant organisation, RootFi has undergone a comprehensive evaluation process conducted by an independent auditing firm to ensure that our security controls meet industry standards.

Our SOC2 compliance consists of an independent audit report that details and tests five principles, known as the Trust Services Criteria:

  • Security,
  • Availability,
  • Processing integrity,
  • Confidentiality, and
  • Privacy.

This means that when you choose RootFi to connect to your customers’ accounting data, you can trust that the data is protected and handled with the utmost care.

SOC2 compliance also streamlines the vendor risk assessment process for our customers. By partnering with RootFi, you can confidently demonstrate to your customers that you work with a service provider that prioritises data security and adheres to the highest standards.

RootFi’s SOC2 Type 2 Report

Once an independent auditor has confirmed that a company’s processes meet the SOC2 Type 2 criteria, they provide a SOC2 Type 2 Report. You can view RootFi’s SOC2 Type 2 Report in our Trust Vault.

To learn more about how RootFi safeguards your data and its SOC2 compliance, contact us at contactus@rootfi.in. Your data security is our top priority.
