Agora Data recently received a compliance certification with the American Institute of Certified Public Accountants (AICPA’s) System and Organization Controls (SOC) 2.

According to a news release, Agora Data’s SOC 2 Type II standard for information security was certified by an independent, trusted third party CPA firm on Jan. 13.

The company highlighted the SOC 2 compliance certification is an industry-recognized designation that further reinforces Agora Data’s ongoing commitment to automotive dealer customers, vendors, partners, and personnel connected to Agora Data’s systems.

Chief technology officer Chad Stilwell said Agora Data met the rigorous and high industry standards set by the AICPA for information security to receive the SOC 2 Type II designation.

SOC 2 is an auditing measure that ensures service providers securely manage user data and requires a clean audit to receive certification. Compliance of SOC 2 Type II covers multiple categories for operational effectiveness including:

—Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, processing integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to achieve its objectives.

—Audit controls are in place such as system and security monitoring, employee onboarding and termination processes, background check on all employees, data encryption in transit and at rest, multi-factor authentication, segregation of duties, and ongoing risk assessments.

“Agora Data has always prioritized the importance of protecting customer information. The SOC 2 certification is an industry gold standard for security for technology companies that work with sensitive information,” Stilwell said in the news release.

“This accomplishment further validates the security measures we’ve already put in place to protect our infrastructure and is one of many best-in-class initiatives the company has implemented to optimize business security and performance for all stakeholders,” he went on to say.

Stilwell added Agora Data’s SOC 2 compliance goes beyond the requirements of the Gramm-Leach-Bliley Act, a congressional law known as the Safeguards Rule overseen by the Federal Trade Commission.

The Safeguards Rule requires financial institutions — companies that offer financial products or services like loans, financial or investment advice, or insurance — to explain their information-sharing practices to safeguard sensitive data, including personally identifiable information.

Under the 2021 amendment to the Act, or Safeguards Rule, Agora Data pointed out that U.S. auto dealers are required to undertake a series of procedural, technical, and contractual steps to protect customer and other personal data. The requirements must be in place by June 9.