The multifamily industry has a reputation for being slow to adapt. Even as leading property management companies start to rely more on digital processes and time-saving software, industry-wide compliance standards and regulations still lag behind.
When PMCs select a vendor to partner with, security concerns are typically pretty low on the list of priorities, but data security is still as important as ever. Leaking your residents' personal identifiable information (PII) is every property management company's nightmare. Unfortunately, it still happens every day.
HappyCo is on a mission to combat breaches and put our customers’ minds at ease - that’s why we’re so proud to announce that we are now SOC 2 Type II certified! Read on to learn more about what this certification means and how it impacts our customers.
What Is SOC 2 Type II?
SOC 2, in the most basic terms, is an independent auditing process that certifies a vendor’s capability to handle and manage customer data across five core trust service principles (TSPs): security, availability, processing integrity, privacy, and confidentiality.
Technically speaking, a SOC 2 Type II certification verifies that a vendor has undergone assessment by an external auditor from the American Institute of Certified Public Accountants (AICPA), typically over a six-month period. During the process, the auditor will test a vendor’s controls and protocol for handling sensitive information.
SOC 2 doesn’t tell vendors how to deal with customer data, instead, it evaluates if that vendor can create processes that align with and execute against the TSPs.
For multifamily operators, as technology becomes more engrained in managing properties and the resident experience, data security is more important than ever.
SOC 2 Type I Vs. Type II: What’s the Difference?
Whereas SOC 2 Type II tests a vendor’s controls over time, SOC 2 Type I is a snapshot of the protocols and processes an organization has in place at a single point in time. If a vendor is Type I certified, it means that at the time of the certification, their systems were compliant with SOC 2 standards.
At HappyCo, we opted to continue our audit to achieve our SOC 2 Type II certification in late 2022, undergoing a rigorous six-month audit of our processes. We want to show our customers and prospects that we’re committed to providing them with best-in-class, secure solutions long-term.
How the 5 Trust Service Principles Impact Our Customers
Previously, we mentioned the five TSPs associated with a SOC 2 certification. Here’s a bit more about how each principle influences our customers:
Security represents controls we have in place to secure data against unauthorized access. This means our customers can determine who has access to which dashboards, reports, etc. and that we support proven techniques for identity verification such as two-factor authentication.
Availability refers to a system’s accessibility - this means that our platform is available to our users and able to be used to meet their objectives.
Processing integrity speaks to the quality of the controls we’ve put in place, and that our customers’ data is in the right place, at the right time.
Privacy is the principle directly linked to handling information appropriately - how individual customer information is used, disclosed, or retained has all been tested against government regulations.
Confidentiality speakers to our ability to manage and safeguard information with data encryption and firewalls, further protecting your confidential information.
Multifamily PMCs Expect and Deserve More
It’s easy to assume that the tools you are using are secure. But, if you don’t explicitly ask for proof of security controls, your resident and property data could be at risk. At HappyCo, we prioritized getting our SOC 2 Type II certificate as tangible proof of our investment in our customers’ data security, rather than empty promises.
The Impact of Data Breaches in Multifamily
According to Audit Analytics’ Trends in Cyber Security Breach Disclosures report, cybersecurity breaches increased by 118 percent year-over-year in 2021, with ransomware attacks up 44 percent. Websites like KonBriefing keep an updated list of cyber attacks in real-time - just skimming the page, viewers can see multiple global housing associations have been victims of ransomware, unauthorized access, and data breaches over the past few months.
As in any other industry, multifamily data breaches take time and money to recover from. With rising inflation and interest rates, coupled with a looming recession, many multifamily organizations would have difficulty bouncing back.
Why SOC 2 Matters to HappyCo
At HappyCo, we pride ourselves on being customer-obsessed (it’s even one of our core values!) - our customers truly are at the heart of everything we do.
With our customers top-of-mind, we not only want to safeguard their data and prove our trustworthiness, we also want to raise the bar for the entire multifamily industry. We pride ourselves on putting our money where our mouth is and leading the way to a more secure future.
Selecting and Investing in Secure Tools
As multifamily industry leaders, both the data security of your organization and your residents is in your hands. Aside from the internal controls you can implement, partnering with vendors that are SOC 2 Type II certified is a great way to ensure that your data is protected against external threats and internally governed properly.
As HappyCo develops tools that help multifamily businesses, we will continue to ensure we’re at the forefront of security and compliance standards.
Ever since she was a kid, Ebby has always loved reading, writing, and storytelling. After graduating from College of Charleston in 2018, Ebby started a career in marketing for start-ups and scale-ups and never looked back. She's thrilled that she now gets to share HappyCo's stories across formats and channels for a living.