CreditXpert Security and Due Diligence FAQ
Our commitment to security is vital to the products we provide. As such we perform multiple independent audits and certifications annually to attest to the design and strength of our security controls. We utilize proven industry level security providers and instill security practices across our entire organization to ensure our security posture remains paramount and your data is protected in our SaaS product.
Below are a number of commonly asked questions related to our security:
Is our data safe? How do we know your security controls are effective in protecting our data?
CreditXpert has been SOC 2 and ISO 27001 certified since May of 2021. These certifications, conducted annually by an independent auditor, validate the operation and effectiveness of over 150 security controls related to processes, policies, and systems used at CreditXpert to protect our data, applications, and users of our platforms.
Our Compliance Teams are requesting we complete a due diligence package on CreditXpert. What do we do?
In fulfilling due diligence questionnaires from companies such as yours, we have found that our SOC 2 Type 2 report satisfies the information requested and provides an additional narrative regarding the security at CreditXpert, all performed by an independent auditor and not self-attested.
To receive our SOC 2 Type 2 report, please initiate an NDA by clicking here.
In addition to our SOC 2 Type 2 report, the attached ISO 27001:2013 certification is evidence that we have been independently audited and found in compliance with the international ISO 27001:2013 standard for information security management.
What is a SOC 2 Type II report?
A SOC 2 Type II report evaluates an organization’s security controls over time and provides assurance that the organization has maintained adequate security controls to protect customer data. It covers controls related to security, availability, processing integrity, confidentiality, and privacy. It provides a higher level of assurance than a SOC 2 Type I report, which evaluates controls at a specific point in time.
What is an ISO 27001:2013 Certification?
ISO 27001:2013 is an international standard that provides a framework for managing and protecting an organization’s information assets. An ISO 27001:2013 certification means that an organization has been independently audited and certified to comply with the standard’s requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This includes conducting risk assessments, implementing appropriate security controls, and regularly reviewing and updating the ISMS to ensure its effectiveness. An ISO 27001:2013 certification demonstrates an organization’s commitment to information security and can provide assurance to customers and other stakeholders that their information is being protected according to international best practices.
What are some of your security practices?
- Advanced cloud security methods
CreditXpert uses AWS, AWS enhanced security measures, and other cloud-based security tools proven in the industry.
- Encryption standards
CreditXpert utilizes FIPS (Federal Information Processing Standard) approved encryption algorithms, which may include RSA, AES-256, SHA-256, SHA-512, and TLS 1.2 or greater. All encryption mechanisms are implemented to support at least the industry standard of AES 256-bit encryption. Additionally, we use proprietary technologies for encrypting confidential data and follow cryptographic modules with the supporting cryptographic algorithms:
- Vulnerability scanning (internal and external)
Internal and external vulnerability scanning occurs frequently. Processes to remediate findings follow a risk management process.
- Established policies and procedures at ISO standard levels and reviewed annually
CreditXpert has established policies and procedures to govern our security practices. Our security practices and controls are audited against these policies as part of our ISO and SOC 2 certification processes and go through an internal policy review process.
- Secure coding scanning and practices
CreditXpert follows industry standard secure coding practices as defined in our policies and procedures.
Do you have an incident response plan?
CreditXpert has developed and maintains an incident response plan (IRP) as required by Applicable Laws, which may include US federal and state laws that apply to CreditXpert by virtue of contracts with users or business partners, including regulated clients such as financial institutions governed by the Gramm-Leach-Bliley Act.
Are you credit repair or credit counseling?
No. We are not credit repair or counseling. CreditXpert is a simulation tool that helps your clients secure the purchasing power they need; our predictive analytics platform is rooted in decades of data. Unlike other consumer credit sites, we only use mortgage credit scores, which helps us provide borrowers with the truest path to homeownership.