[1]Matthews, North Carolina-based default servicing and real estate closing law firm Brady & Kosofsky, P.A. [2], announced that the firm has successfully completed a Service Organization Control 2 (SOC 2) Type 1 certification under AT Section 101.
The completion of this certification indicates that the independent auditing firm of Kushner, Smith, Joanou & Gregson of Newport Beach, California, has formally evaluted the processes, procedures and controls adopted by Brady & Kosofsky in their validated private cloud. The certification includes the firm's controls related to, among other things, the Trust Services Principles and Criteria of Security and Availability.
The firm is able to provide title search and curative services in connection with operation of all areas of default servicing and other areas of real estate, including the Real Estate Closing Industry, National REO Industry, National REO Industry, RELO Industry, and Loss Mitigation Industry to Servicers, Asset Management Companies, Title Insurance Agencies, Title Insurance Underwriters, Banks, and Mortgage Origination. Organizations subject to Consumer Financial Protection Bureau oversight and other requirements may leverage, as part of their compliance strategy, the Brady & Kosofsky SOC 2 Type 1 report.
"SOC 2 exams are rigorous independent assessments, geared toward service providers who handle non-public private information of consumers especially providers of mortgage products and other financial services to regulated banks and their activities in the disposition of real estate owned after foreclosure (REO), loss mitigation and foreclosure avoidance procedures such as loan modifications, deeds-in-lieu of foreclosure and short sales," said Jaime Kosofsky, a partner with the firm who oversees the company's compliance efforts. "With the release of the comments of the OCC and CFPB Bulletin 2012-03 it became apparent that our banking partners and clients would benefit if out firm took steps to define our security protocols and have them scrutinized by a third party."
The audit includes a full assessment of: security (ensuring data centers are protected against both physical and logical unauthorized access), availability (data centers are available for use as agreed), integrity (data is secure and protected from unauthorized changes), privacy (the proper physical and cybersecurity to protect the non-public personal information of clients), policies (policies which govern the processes by which the firm ensures safety of client information, including IT, hiring, HR, and trust account management policies, have been developed and put into place), and monitoring (a robust real-time system of monitoring all IT activity).
"With our successful completion of certification, we are able to provide our customers and industry partners with greater insights into our controls, procedures and systems for our title and closing operation as well as our REO and Loss Mitigation Practice," Kosofsky said.