We always knew our customers’ data was secure. Now, we have proof.

Wealthsimple
Maker Stories by Wealthsimple
Oct 27, 2022

Update: As part of our ongoing commitment to protecting our clients’ data, we’re now SOC 2 Type 2 certified as of July 2023. This is the natural next step in our SOC certification journey after receiving our SOC 2 Type 1 last year (which you can read more about below).

To achieve this new certification, our third-party auditors assessed a) how rigorously our security controls are designed and b) how effectively they perform all year round. Both are things we excel at, according to the independent audit body that granted us our new certification!

Using your favourite financial services apps and websites can sometimes feel like throwing your money down a well for safekeeping. You check off a little box and agree to whatever the novel-length terms of service require, click SEND and poof! your assets vanish without even a splash. Can you be confident that your data is secure?

For Wealthsimple clients, the answer is yes! If you’ll grant us an uncharacteristic moment of immodesty, we just received our very first SOC certification! SOC 2 Type 1, to be exact.

Okay, great, so what does that mean?

Think of the SOC certification as a third-party inspection report, like one you would get before buying a new home. Before signing over your life savings, it’d be good to know if that sawdust by the back door is evidence of termites or just an old DIY project. Similarly, Wealthsimple invited some external experts to open up the mysterious black box of our security program, take a good look around, and let us know if they liked what they saw.

They did, and so did we.

SOC stands for System and Organization Controls, and SOC 2 focuses specifically on the security controls in place for securing customer data. Some examples of the controls assessed in a SOC 2 inspection include:

  • Control Environment: Our commitment to promoting and demonstrating values like integrity and high ethical standards, including developing and retaining the best employees.
  • Monitoring Activities: How we keep track of activity on our platforms and perform tests to ensure we are actively looking for suspicious activity or deficiencies.
  • Logical and Physical Access: How we manage the security of our software, infrastructure, and even physical access to our Wealthsimple offices to protect and secure your information.

After the auditors finished hunting for metaphorical cracks in our foundation, they were tasked with assigning us one of four possible “opinions” or grades to reflect how we match up to the SOC 2 industry standards:

  1. Unqualified: This opinion is like an A in school, and means that all the elements that underwent inspection were designed well and are operating effectively.
  2. Qualified: This means the auditors don’t feel comfortable enough to certify that all the controls are designed and operating effectively, sort of like a B- or C+.
  3. Disclaimer: Organizations only get this result if they don’t provide enough information for the auditors to provide an opinion. It’s like an “incomplete.”
  4. Adverse: A big, bold “F” written in thick red marker with the words SEE ME AFTER CLASS scribbled underneath. This means the audit firm found pervasive problems that need to be addressed immediately.

As you may have guessed by now, Wealthsimple is quite proud to have earned unanimous top marks. That means users like you can continue to trust us with your data and finances knowing you’re in good hands — whether you use our platform to invest, trade crypto, or utilize our spend and tax apps. It means that we implement high security standards to prevent breaches or security mishaps.

Which is a lot safer than throwing your money down a well. Yes, even a deep one.

For us, achieving our SOC 2 certification means more than just satisfying some industry security compliance standard. We wear this designation as a badge of honour, one we’re super excited to show off to our clients.

This is just the beginning though. The great thing about SOC 2 compliance is that it’s not a one-and-done inspection. Unlike a home inspection, our management of your data is inspected every single year as we continue to grow and evolve. That means we get to look forward to earning straight A’s — and more importantly, your trust — again and again.

Written by Nooreen Ahmed, Senior Analyst, Risk & Governance at Wealthsimple, in collaboration with Jared Lindzon. Edited by Mark Adams.

Wealthsimple has forward-thinking financial tools trusted by over 2.5 million Canadians. “Maker Stories” is an inside look at how we get things done. Interested in joining our team? Visit our “Work With Us” page to learn more and view open roles.

The content on this site is produced by Wealthsimple Technologies Inc. and is for informational purposes only. The content is not intended to be investment advice or any other kind of professional advice. Before taking any action based on this content you should consult a professional. We do not endorse any third parties referenced on this site. When you invest, your money is at risk and it is possible that you may lose some or all of your investment. Past performance is not a guarantee of future results. Historical returns, hypothetical returns, expected returns and images included in this content are for illustrative purposes only. Copyright © 2022 Wealthsimple Technologies Inc.
