FinTech Traxpay and Claranet: partners for secure banking services
Summary:
Challenge: Traxpay requires a service provider for the operation of its dynamic financing platform that fulfils the highest security and compliance requirements with regard to internal control systems and risk management
Solution: Claranet undergoes an ISAE 3402 standard audit using the Traxpay platform and successfully completes this with the SOC 2 Type II report
Result: In addition to the secure, agile operation of the financing platform, the ISAE 3402 security report saves Traxpay and its customers from having to carry out their own audits of outsourced IT processes
Traxpay
Traxpay GmbH is one of the first FinTech companies in Germany and uses its platform to support banks in the digitalisation of their corporate client business and large companies in the digitalisation and automation of their working capital management.
Security requirements
In 2015, Traxpay decided that it was time to outsource the operation of its centrepiece - the "Dynamic Financing Platform". The catch: when companies outsource IT processes that affect accounting, they must ensure that their service providers also have an internal control system and risk management in place.
"Security is a top priority in the B2B environment. Our innovative platform must therefore not only be technically up to date and secure, but also demonstrate the necessary compliance," explains Thomas Fuhrmann, Chief Technology Officer at Traxpay. "Ideally, we needed managed services that fulfil our security requirements on the one hand and meet the requirements of ISAE 3402 on the other. Our service provider therefore needed to have a SOC 2 TYPE II report in accordance with ISAE 3402. However, there are currently hardly any such providers on the German market."
ISAE 3402 required
During the preliminary discussions, it quickly became clear that Traxpay and Claranet were a perfect match. Claranet already had ISO 27001 certification and data protection compliance in accordance with the German Federal Data Protection Act. Together with and for Traxpay, they now tackled the SOC 2 Type II report in accordance with ISAE 3402.
Probe audit in advance
Claranet bundled Traxpay's special IT infrastructure requirements into a customised system architecture with managed application cloud hosting and high service level agreements (SLAs).
The big advantage of Claranet is its enormous flexibility, which was the main reason for our commissioning, along with the high
security standards and readiness for the ISAE audit."
SOC 2 Type II "Security first"
The comprehensive final SOC 2 security report in accordance with the ISAE 3402 standard was initiated during the contract negotiations in spring 2016. Claranet even went one step further and had an audit carried out for the SOC 2 Type II report. In contrast to TYPE I reports, Type II reports not only test and confirm the scope and adequacy of internal controls based on the standard specifications for security, availability, integrity and data protection, but also confirm the effectiveness of these controls and describe the control points and the test method.
Why a security audit?
The audit was carried out on the Traxpay platform by an independent auditing company on the basis of the past twelve months and successfully completed in March 2017 with the SOC 2 Type II report - with
significant added value for Traxpay and its customers as well as for Claranet: a time-consuming, in-house audit of outsourced IT processes is therefore no longer necessary for Claranet's business partners and Traxpay's customers. An enormous reduction in auditing costs!
Read more about ISAE certification and the system architecture of the Traxpay solution in the full case study, which you can download here.
