HI. WE'RE CREDSPARK

Security Commitment Statement

Updated: June 13, 2023

At CredSpark, we are committed to maintaining the highest level of security, availability, processing integrity, confidentiality, and privacy of data entrusted to us by our customers, employees, stakeholders, and partners. This Security Commitment Statement outlines our dedication to implementing robust security measures and controls that align with the Trust Services Criteria (TSC) established by the American Institute of CPAs (AICPA) for SOC 2 compliance.

Security:
a. We will implement and maintain appropriate technical, physical, and administrative safeguards to protect against unauthorized access, disclosure, alteration, and destruction of data.
b. We will regularly assess and update our security controls to address emerging threats, vulnerabilities, and changes in the business environment.
c. We will conduct security awareness training programs for our employees to ensure they understand their roles and responsibilities in maintaining information security.

Availability:
a. We will strive to ensure that our systems and services are available for operation and use as agreed upon with our customers.
b. We will implement redundancy and disaster recovery measures to minimize disruptions and maximize uptime for our customers.

Processing Integrity:
a. We will process data in a complete, accurate, timely, and authorized manner, adhering to the agreed-upon specifications and requirements.
b. We will maintain appropriate controls to detect and prevent errors, omissions, or unauthorized modifications of data.

Confidentiality:
a. We will protect confidential information, whether it is customer information, company-owned information, or information shared with our partners, from unauthorized access, use, or disclosure.
b. We will ensure that access to confidential information is restricted to authorized individuals only.

Privacy:
a. We will handle personal information in accordance with applicable privacy laws and regulations.
b. We will collect, use, retain, disclose, and dispose of personal information in a manner that aligns with our privacy notice and relevant privacy principles.

Incident Response:
a. We will establish and maintain an incident response plan to promptly and effectively respond to security incidents or data breaches.
b. We will notify affected parties in a timely manner if a security incident poses a risk to their personal information.

Continuous Improvement:
a. We will regularly review and enhance our security controls and processes to adapt to changing technology, threats, and business requirements.
b. We will conduct periodic assessments and audits to ensure compliance with SOC 2 requirements.

By adhering to this Security Commitment Statement and aligning with SOC 2 principles, we demonstrate our commitment to providing a secure environment for our customers’ data and maintaining the highest standards of security and privacy.


CONTACT

For questions regarding this Security Commitment Statement, please contact us at: info@credspark.com