Proper is now PCI DSS Level 1 and SOC 2 Type 1 compliant. We’ve built our systems and processes to be highly secure and compliant from day 1 to give developers and customers assurance that they can trust Proper for their business-critical applications.
At Proper, we're building the financial operations platform for fintech. We help companies manage their payments data across providers, with tools for payments reconciliation, core ledgers, and a unified payments data platform.
And to do this, we work with very sensitive financial data. So we’ve built our systems and processes to be highly secure and compliant from day 1.
Security will always be our number one priority. And we know that being certified to the highest compliance standards is an important way to give developers and customers assurance that they can trust Proper for their business-critical applications.
PCI DSS is one of the most important industry standards that ensures a baseline level of protection for consumers and helps reduce fraud and data breaches. The requirements were originally developed by the PCI security standards council, a consortium of the major credit card brands to reduce the rates of fraud. There are two levels of compliance, based on the volume of card data that is stored or transferred.
PCI DSS Level 1 compliance is required for businesses that handle high volumes of payment card data. Proper’s Attestation of Compliance was completed by a qualified security assessor (QSA) for PCI DSS Level 1 compliance.
For anyone working with financial data, maintaining the utmost security posture is a must. And to be the trusted source of truth for a company’s payments and financial data, we knew we needed to be able to support maintaining card data on our systems. Our attestation unlocks new ways to serve customers, new integrations, and will reduce overhead for customers who maintain PCI certification that leverage the Proper platform.
SOC 2 covers organizational processes and infrastructure security requirements. It’s a compliance standard developed by AICPA (American Institute of CPAs). SOC2 evaluates companies on 5 Trust Services criteria: security, availability, processing integrity, confidentiality, and privacy.
There are two types, each requiring an external audit: The SOC 2 Type 1, which verifies compliance at a point in time. And SOC 2 Type 2, which checks if a company stays compliant during an observation window. Proper is SOC 2 Type 1 compliant, with SOC 2 Type 2 coming soon.
When it comes to customer data, we wanted to hold ourselves accountable to a rigorous framework to ensure that we keep data safe. And, we wanted to adhere to a standardized way to communicate our security practices to our customers.
By achieving SOC 2 compliance, customers can trust that Proper's organizational and security processes meet industry standards.
We worked with a fellow Y Combinator company, Vanta, to help define our controls and ensure they were operating effectively. Vanta helped connect us with auditors and start the process of obtaining our attestations. We began by obtaining our SOC 2 Type 1, then focused on PCI DSS compliance (and are currently in our observability window for our SOC 2 Type 2).
It may seem unusual for a company of our stage to take up the work to obtain SOC 2 and PCI DSS, but we know the scope of the platform we are building requires that we manage customer data securely while maintaining full control over our infrastructure. And by becoming compliant now, it will be much easier to remain compliant into the future.
We’re excited to be able to support new and existing customers in new ways on a trusted, secure system. We know that PCI DSS and SOC 2 compliance are important steps that demonstrate our ongoing focus on security at Proper, and we’re excited to be able to offer our customers these assurances for their critical business data.
For more information on our organizational and system security practices, check out Security at Proper.
To learn more about the Proper platform and request a demo, send us a note.
In this post, we cover the basics of multi-currency transactions for those looking to begin storing and moving funds across borders.
In this post, we cover common challenges and best practices for reconciling a product ledger.