SOC 2 Type II for Service Organizations

ADVANTAGE Achieves SOC 2 Type II Certification and Implements Enhanced Security Measures in Software


Jennifer Peoples |

ADVANTAGE has attained SOC 2 Type II certification, a milestone achieved through our collaboration with Vanta for continuous compliance monitoring and Johanson Group, LLP for formal certification.

This certification underscores our unwavering commitment to maintaining the highest standards of security and reliability in our operations. SOC 2, Type II certification is a rigorous standard developed by the American Institute of CPAs (AICPA) to assess an organization’s controls related to security, availability, processing integrity, confidentiality, and privacy of customer data.

“For organizations operating in tightly regulated industries, such as credit unions and community banks, this independent validation of our security controls holds immense significance. As the financial industry relies increasingly on external vendors to conduct core business activities, the demand for utmost trust and transparency in cloud service providers’ operations, processes, and outcomes has never been more crucial.

Achieving this certification demonstrates ADVANTAGE’s adherence to industry-leading security practices and signifies its ability to securely manage and protect customer information. This SOC 2 Type II report serves as an assurance that we have diligently designed, implemented, and maintained internal controls. Furthermore, it presents a comprehensive assessment of how our internal controls safeguard the security, availability, and confidentiality of our data processing systems, as well as the privacy of the information we process.” said Jennifer Peoples, Vice President Product Management at ADVANTAGE, powered by JMFA.

In conjunction with obtaining SOC 2, Type II certification, we have implemented several key security updates this year to JMFA Advantage, our client software platform, including:

1. Domain Validation: Strengthened domain validation procedures to ensure the authenticity and integrity of users being added to Advantage and to ensure that new users’ email addresses match the approved domains for their financial institution. This ensures that users have access only to the data for their financial institution.

2. Key Vault: Implementation of a secure key vault infrastructure to manage and safeguard cryptographic keys, enhancing data encryption and minimizing the risk of unauthorized access to sensitive information.

3. API Security: Enhancements to API security protocols to authenticate and authorize access to data, ensuring secure communication between software components and protecting against API-based vulnerabilities.

4. Email Throttle Enhanced email throttling capabilities and statistics reporting to regulate outbound email traffic, mitigate the risk of spamming, and enhance email security by preventing abuse and misuse of email services.

These security updates exemplify how we prioritize the confidentiality, integrity, and availability of our clients’ data. By proactively addressing potential security threats and continuously improving its security posture, ADVANTAGE reaffirms its dedication to providing clients with a trustworthy and secure software platform.

For both existing and potential clients seeking access to the SOC 2 Type II report, we extend the option to acquire it under a Non-Disclosure Agreement (NDA). To request a copy of the report, please contact us at security [@]

We remain steadfast in our pursuit of excellence, and this SOC 2 Type II certification exemplifies our dedication to providing security and peace of mind to the financial institutions we proudly serve.


Sign Up Here