Otso Achieves SOC 2 Certification: Elevating Security in Tenant Financial Information Processing

Otso is SOC 2 Certified - Here’s What That Means for Our Customers

‍

We are thrilled to announce that Otso has achieved SOC 2 certification, a significant milestone that underscores our unwavering commitment to the security, availability, and confidentiality of our customer and tenant data. This certification is not merely a symbol of trust; it represents our dedication to upholding the highest standards of data protection and offering services that our customers and partners can rely on with confidence. 

‍

So….What is SOC 2 Certification?

‍

SOC 2 (Service Organization Control 2) is a rigorous framework designed to ensure that service providers like Otso manage data securely to protect the interests of their organization and the privacy of their clients. This prestigious certification is awarded to companies that demonstrate strict adherence to five trust service principles:

‍

Security: The system is protected against unauthorized access, both physical and logical.

Availability: The system is available for operation and use as committed or agreed.

Processing Integrity: System processing is complete, valid, accurate, timely, and authorized.

Confidentiality: Information designated as confidential is protected as committed or agreed.

Privacy: Personal information is collected, used, retained, disclosed, and disposed of in accordance with the entity’s privacy notice.

‍

Read on to see why we invested into this compliance protocol and it’s standards…and why it matters to your assets.

‍

Collecting Tenant Personal and Financial Information: The Status Quo Has Most Landlords at Risk

The most common method for collecting and processing tenant financial information is often handled through email (usually as part of the leasing team’s flow), a practice that poses significant security risks. Think bank statements, personal social security numbers, tax returns and more…Collecting all of this highly sensitive tenant information via email poses significant exposure and most definitely falls short of meeting the stringent IT security standards set by key regulatory bodies, including the U.S. Securities and Exchange Commission (SEC). The SEC’s guidance on cybersecurity practices underscores the importance of protecting sensitive information from unauthorized access and breaches. 

‍

By using email to handle such data, businesses expose themselves to vulnerabilities that can lead to data loss, unauthorized disclosures, and potential exploitation of sensitive financial and personal information. The costs of losing this information are staggering and cannot be ignored (more on this below). 

For entities regulated by the SEC, adhering to these standards is not just a matter of best practice but a legal requirement to prevent potential fines and legal actions that can arise from failure to protect critical financial information effectively.

‍

At Otso, we recognize the vulnerability of these traditional methods and have always sought to innovate more secure and efficient processes. Our collection methods leverage the most secure and compliant channels to protect both applicants and ownership’s most sensitive data.

Beyond Insecure Collection….Storage.

‍

What happens after an applicant/prospect submits sensitive information via email? Well, oftentimes that data is stored long-term on email servers, highly accessible on a multitude of devices and potentially at risk for every employee who has log-in access to your systems. Do the quick math, it’s a lot of exposure points across your team members.

‍

What Are The Costs of A Data Breach?

When security is breached, particularly when handling personal and financial information via email, the costs can be substantial and multifaceted. These costs not only affect the financial bottom line but also impact the business's reputation, operational efficiency, and regulatory compliance status. Below are some key data points and trends that illustrate the potential costs and consequences of such security breaches.

‍

Direct Financial Costs

‍

Remediation: The immediate costs to address and rectify a data breach can be significant. According to the 2021 Cost of a Data Breach Report by IBM and the Ponemon Institute, the U.S. the average total cost is at $9.05 million.

‍

Notification: Can average around $200,000 according to the same IBM report.

Loss of Business and Customers: The IBM report noted: The average cost of lost business after a breach is $1.59 million.

‍

Indirect Costs

‍

Reputational Damage: The loss of customer trust and negative publicity can have long-lasting effects on a company’s brand value and reputation.

Operational Disruption: A breach can disrupt normal business operations, leading to loss of productivity and additional costs to manage the disruption.

Increased Insurance Premiums: Businesses often face increased premiums for cyber insurance following a breach, due to the perceived higher risk.

Premiums can increase by 20% to 40% post-breach, as noted in reports from insurance providers.

‍

Legal and Regulatory Costs

‍

Legal Fines and Settlements: Breaches often lead to significant legal challenges, including fines and settlements.In the U.S., regulatory fines can also be substantial, with the Health Insurance Portability and Accountability Act (HIPAA) imposing penalties up to $1.5 million per violation.

Legal Fees and Litigation Costs: The legal expenses associated with defending against lawsuits and paying settlements can be considerable. Average costs can range from $500,000 to several million dollars, depending on the scale and nature of the breach.

‍

Long-Term Costs

Depreciation of Share Value: Publicly traded companies often see a decline in share price due to the loss of investor confidence after a breach.Studies have shown that companies experience a 5% to 15% drop in share value in the months following a breach.

‍

With our SOC 2 certification, Otso sets a new standard in how tenant financial information should be handled, industry-wide. We collect and store this information as well an insure you and ourselves against these risks.

‍

Here’s why Otso is helping industry leaders like Shopcore, Nuveen and more protect all of their applicants and information while supercharging the leasing financial diligence process.

‍

Enhanced Security: Our certification assures you that Otso implements the most rigorous security measures to protect your data from unauthorized access and potential breaches. This is crucial when dealing with sensitive tenant information that, if mishandled, could lead to significant vulnerabilities.

Streamlined Compliance: By adhering to SOC 2 standards, Otso helps you streamline your compliance with various regulations, ensuring that your data handling meets top industry standards.

Improved Reliability: With a focus on the availability of our service, you can rely on Otso to be accessible when you need it most. This ensures consistent performance and uptime, critical for time-sensitive financial processes.

Data Integrity: Our commitment means you can trust that your tenant data is processed accurately and in a timely manner, minimizing the risk of costly errors and inconsistencies.

Guaranteed Confidentiality: We ensure that any confidential information is protected according to stringent standards, giving you peace of mind that your data is safe.

Privacy Protection: Our adherence to privacy principles ensures that your personal information is handled with the utmost care and in line with our privacy policies and best practices.

‍

Our Commitment to Our Customers

‍

Achieving SOC 2 certification is part of our broader effort to provide a secure and reliable service. We understand that in the real estate industry, data security and privacy are paramount—they are not just a requirement but a fundamental part of your experience with Otso.

‍

We are committed to maintaining these standards and continuously improving our systems and processes to serve you better. If you have any questions about our SOC 2 certification or how we can revolutionize and de-risk your tenant collection practice, please do not hesitate to reach out to us at contact@otso.io to learn more. 

‍

We keep all of our security protocols and standards transparently available for you to verify in our Trust Center.

‍