Astra earns SOC 2 Type 2 Certification for Security Compliance

By Edlyn Cardoza

Astra, the automation platform for money movement, has been awarded the System and Organization Controls 2 (SOC 2) Type 2 Certification, validating the company’s dedication to delivering the highest level of security to customers. SOC 2 is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA) intended to help organizations prevent unauthorized access to their digital assets and customer data.

In an environment where cybersecurity threats are ever-present, service companies have widely adopted the SOC 2 audit process across a range of industries. The certification affirms that Astra’s information security practices meet the SOC 2 standards for data security, availability, confidentiality, processing integrity, and privacy. While the audit is not compulsory, many organizations require certification as part of their service organization procurement process.

“Security is our number one priority and earning SOC 2 certification is an exciting milestone that underscores our commitment to providing secure and risk mitigated payments-as-a-service to our customers,” says Gil Akos, co-founder and CEO of Astra. “Meeting these high standards ensures Astra can be trusted by financial institutions and growing enterprises to handle the sensitive business of financial transfers. This is one more demonstration of how we make the complicated payments process affecting our users less daunting.”

An independent auditor carried out the SOC 2 evaluation that reviewed and tested Astra’s data management control mechanisms and activities, including monitoring, communication, policies, and procedures. In addition to business practices, the auditor conducted security reviews via penetration testing of publicly accessible sites and endpoints. While SOC 2 Type 1 audits are based on the state of these mechanisms on a specific date, the Type 2 evaluation that Astra completed was much more rigorous. Astra’s SOC 2 Type 2 audits involved a more detailed investigation covering a longer period of time – in Astra’s case, three months. The SOC 2 report is valid for one year.

IBS Intelligence reported that Astra, a technology company that offers advanced bank-to-bank transfer solutions, had announced a formal partnership with Plaid, a data network powering the digital financial ecosystem, to offer an integrated solution for developers to easily enable programmatic money movement for their customers.