Unwavering Security: DigiFi's SOC 2 Type II Compliance

At DigiFi, security is core to everything we do. In the high-risk industry of online loan origination, maintaining the highest security standards is key to protecting our clients' data and fostering trust among their borrowers.

With that in mind, we’re proud to announce the successful completion of our 2023 SOC 2 Type 2 audit, which is a testament to our ongoing commitment to information security. This rigorous audit was performed by a reputable third-party and included a thorough review of our policies and practices as well as in-depth testing of our security results for the last year to ensure that all controls functioned properly. In addition, the auditor performed comprehensive penetration and vulnerability testing on our platform. DigiFi has maintained SOC 2 compliance since 2021 and we’re proud to be able to consistently demonstrate our commitment to security.

Building a Security-First Culture

DigiFi’s approach to information security begins with embedding a security-first mindset across every layer of our organization, ensuring that each team member understands their role within our security framework and participates in safeguarding our operations. Security assessments are integral to all critical decisions, from developing new product features to managing IT infrastructure changes, onboarding new team members and managing access controls. This holistic approach underscores our belief that maintaining robust security is a collective responsibility. As the saying goes, "it takes a village."

But how do we cultivate an ingrained culture of security awareness and action? It starts at the top. Our leadership team, armed with extensive expertise in the lending sector including running an online lending business, not only acknowledges the criticality of security but also champions it as a core organizational value. Rather than isolating security as a siloed department, we weave it into the fabric of every department of our organization through education and accountability.

Every DigiFi team member, regardless of their role, undergoes rigorous training on our security policies and procedures. This training is an ongoing process, with regular updates to ensure alignment with evolving threats and industry best practices. Beyond training, we implement a robust system of checks to ensure continuous adherence to our security standards. Team members are regularly tested on their security knowledge and practices, reinforcing the importance of security in their daily activities and decision-making processes.

By fostering this security-first culture, DigiFi fortifies its defenses against potential threats and ensures that security remains at the heart of our operational ethos as a business.

Defending Against Diverse Threats

We face a multifaceted array of external and internal risks. External threats (e.g. hacking, DDoS attacks) are met with proactive and dynamic system defenses, and internal threats (e.g. employee misuse, errors, theft) are handled with stringent internal controls and continuous monitoring to ensure the integrity of our operations. Here’s a deeper look into how DigiFi proactively addresses these threats:

• External Threats (e.g. hacking, DDoS attack): Our approach to external threats is proactive and dynamic. We employ state-of-the-art encryption, sophisticated firewalls and comprehensive intrusion detection systems to secure our data against unauthorized access and cyber-attacks. Regularly updated platform software and strict network access controls further ensure that our clients' data remains secure.
• Internal Threats (e.g. employee misuse, errors, theft): Companies are often caught off guard by threats from within, especially as they scale. To counteract internal risks, we’ve implemented background checks, stringent least-privilege access controls and vigilant monitoring systems. We cultivate an environment where trust is paramount, yet supported by rigorous checks and balances that mitigate internal vulnerabilities. Additionally, we empower our customers to manage their own risks through features like two-factor authentication (2FA), single sign-on (SSO), timed session limits and comprehensive permissions, reducing their exposure in the event of a security incident.

Disasters and Business Continuity

In addition to known threats, preparing for unexpected disasters is another cornerstone of our security framework. Our comprehensive disaster recovery and business continuity plans are more than just contingencies; they are rigorously tested and constantly updated blueprints that help guarantee resilience in the face of unforeseen challenges. We ensure that all critical data is backed up regularly and can be swiftly restored, minimizing the risk of loss or disruption. For us, this goes beyond procedure – it's central to our commitment to our clients.

Our preparedness for unexpected events is also a key component of our security framework. From natural disasters to unforeseen system failures, we have strategies in place to ensure the continuity of our essential services. Our ability to quickly adapt and respond to these incidents protects not just our operational integrity but also the trust that our clients place in us.

Change Management and Innovation

In the fast-paced world of digital lending and loan origination, innovation is a necessity. At DigiFi, we embrace change while ensuring it harmonizes with our stringent security protocols. Our approach to change management is twofold: internal and client-facing.

Internally, every system update, product feature release or infrastructure modification undergoes a thorough security assessment. This process is ingrained in our software development lifecycle, ensuring that each change is scrutinized for potential security implications. By leveraging automated workflows and multiple testing environments, we ensure that changes are seamlessly integrated without compromising our platform's integrity.

For our clients, we build control over change management into our no-code platform, allowing them to safely adjust their loan origination processes. Clients can implement changes to their workflows, rules or user interfaces with real-time previews and full visibility into the potential impacts of these adjustments. This ability is supported by DigiFi's overarching security practices, providing a safe environment for innovation. Our platform's architecture supports this dynamic by isolating client-driven changes from core system functions, ensuring stability and security even as clients customize their solutions.

By merging rigorous internal change protocols with client-centric flexibility, DigiFi not only adapts to the evolving needs of the digital lending market but also leads it with confidence and security.

Conclusion

At DigiFi, security means a firm promise to protect all our clients’ data, including applications, documents and other information. Our SOC 2 Type 2 compliance reflects our ongoing commitment to ensuring that every client who entrusts us with their business receives the highest level of protection and service. Thanks to all DigiFi customers, big and small, who have chosen us!

Lastly, a shout out to our team for their hard work in maintaining our information security compliance program and helping to complete the audit. Thank you!