Security is a fundamental element of operations at UpClear. Robust security is critical to create and maintain the trust of our client partners. UpClear is committed to protecting your data.
UpClear and BluePlanner are ISAE 3402 Type 2 certified, an independent, third-party audit that validates internal controls to provides assurance that a vendor's internal controls are effective. It's an internationally recognized standard.
The goal of this certification is to provide assurance that the vendor has adequate internal controls in place related to the services they provide, especially services that impact the financial statements of their customers.
The "Type 2" distinction: The key difference between an ISAE 3402 Type 1 and a Type 2 report is the scope and period of the audit. The ISAE 3402 Type 1 Report is a snapshot from a point in time. It assesses the suitability of the design and implementation of the service organization's controls as of a specific date. It confirms that the controls are designed correctly and are in place. The ISAE 3402 Type 2 Report is a more comprehensive and rigorous report. It evaluates not only the design and implementation of controls but also their operating effectiveness over a period of time (typically 12 months).
An auditor performs detailed testing of the controls throughout this period to determine if they actually worked as intended and consistently achieved their objectives. This type of report provides a higher level of assurance to the vendor's clients because it demonstrates that the controls have been functioning effectively over time, not just at a single point.
Access Control & Authentication
Secure Password Policy Defined
Profiles & Permissions used in Role-Based Access Controls
Principle of Least Privildge Followed; UpClear Personnel get Minimum Necessary Access Rights
Single Sign-On Capability May be Utilized
Azure: UpClear Benefits from Built-in Security Features and Best Practices