CU*Answers has published its SSAE-18 Service Organization Control (SOC) 2, Type II report. Completed by Crowe, LLP, the report verifies the existence of internal controls which have been designed and implemented to meet the requirements for the security principles set forth in the Trust Services Principles and Criteria for Security, Availability, Processing Integrity and Confidentiality. The Type II report not only concerns the policies and procedures in place at a point in time, but validates their effectiveness over a 12-month period. By the CU*Answers Board of Directors resolution, CU*Answers will have an SSAE-18 SOC 2 audit every other year. In intervening years, CU*Answers will have an SSAE-18 SOC 1 audit.
The SOC 2 report can be downloaded from the CU*Answers Due Diligence web page. In addition, you can download older SSAE reports, financial statements, insurance, software escrow reports, request Bridge Letters, and obtain additional information on disaster recovery/business resumption reports.