January marks NTC's annual mandatory cyber security course for all team members which covers an advanced curriculum for staying safe from the latest tactics used by cyber criminals.
Part of NTC's ongoing extensive training measures is a course specifically designed to teach our team members how to spot a cyber security attack. Some of these attacks are ingenious in nature, they can look so real and authentic that veterans in business have fallen prey to these scams and often end up costing their employers millions of dollars, not to mention putting thousands of consumers at risk of cyber fraud. Security expert Jeff Bernstein just recently wrote a great piece about the rise of cyber criminals targeting the mortgage industry, read it by clicking here. We thought it was timely and coincides directly with our efforts on cyber security.
As a leader in residential real estate industry research and document processing, NTC deeply understands the importance of compliance with rigorous operating standards. As part of its ongoing commitment to meeting and maintaining these standards, NTC has always successfully completed the SSAE 16 examination of its mortgage processing services. The examination most recently conducted by an independent CPA firm, BrightLine CPAs and Associates, Inc was in 2015.
To ensure that it remains in compliance with the standards promulgated by these governing bodies, NTC regularly engages auditors to conduct SSAE 16/SOC 1 examinations. The key operational components that were reviewed in the recent examination included NTC’s general management controls, risk management, information security, and communications systems.
Per NTC’s standard practice, the company opted to have the auditors conduct a Type # 2 SOC 1 examination. Unlike the less rigorous Type # 1 SOC 1 examination, which delivers an opinion and description of operations relevant to the service an organization provides as of a certain date, in the Type # 2 SOC 1 examination the auditor tests internal controls and processes over a period of time to verify that the internal controls and processes are actually occurring as the service organization intends, and that the controls were in place during the audit period. Since the auditors provide an opinion about the actual operation of controls, third parties are considered more likely to accept a Type # 2 SOC 1 report than a Type # 1 SOC 1 report. No exceptions were found in the Type # 2 SOC 1 examination of NTC.
The Statement on Standards for Attestation Engagements # 16 (SSAE 16), also known as the Service Organization Controls Report # 1 (SOC 1), was formerly known as the Statement on Auditing Standards # 70 (SAS 70). Through actions of the Auditing Standards Board of the American Institute of Certified Public Accountants, SSAE 16 superseded the SAS 70 audit standard in mid-2011. It is the adopted version of the International Standards for Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization, for use in the United States.
