Peach announces InfoSec certifications
Today, we’re announcing that we’ve renewed our certifications for SOC 2 Type 2 and PCI DSS Level 1, and that we’ve achieved certification for SOC 1 Type 1. These certifications position us to help a wide variety of lenders, including those at enterprise scale and with strict InfoSec requirements.
To achieve these certifications, we worked with independent third-party auditors Laika and FoxPointe, who provided an important third-party validation of our internal and external processes and high level of operational excellence. The certifications complement our Compliance Guard™ offering, which gives lenders an unprecedented advantage in staying compliant with lending regulations.
To learn more, read the full press release.
An excerpt from the press release
OAKLAND, Calif.--(BUSINESS WIRE)--Peach Finance, a cloud-native lending technology platform that helps lenders quickly launch and confidently scale new lending products, today announced that it has renewed its certifications for SOC 2 Type 2 and PCI DSS Level 1, and achieved certification for SOC 1 Type 1.
The certifications position Peach to serve the needs of a wide range of lenders, including those at enterprise scale and with strict InfoSec requirements. The certifications are also a significant third-party validation of Peach’s internal and external processes and high level of operational excellence. Peach worked with independent third-party auditors Laika and FoxPointe, well-known firms that provide end-to-end compliance and audit management for modern companies like Peach. In addition to its certifications in SOC 2 Type 2, SOC 1 Type 1 and PCI DSS Level 1, Peach is also positioned to support lenders subject to HIPAA.
Peach’s InfoSec certifications complement its compliance-first approach, which sets it apart in the lending technology space. Peach practices defense-in-depth security architecture and employs best-in-class practices and tools to maintain security on all levels. And Peach’s Compliance Guard™ gives lenders an unprecedented advantage in staying compliant with lending regulations. Compliance Guard conducts borrower status monitoring for bankruptcy, deceased, active military and FEMA disasters. It also scans outbound communications for compliance with federal and state regulations, and features a configurable rules engine that enables lenders to customize their policies.
Peach’s other information security practices include the following.
Authentication, authorization and accounting
Peach maintains role-based access control (RBAC) across all its systems. Access to all critical services requires SSO / multi-factor authentication. Accounting is carried out by logging session statistics and usage information.
Penetration tests and vulnerability scans
Peach engages with trusted third parties for penetration testing and vulnerability scans and performs internal vulnerability scans continuously to identify, prioritize and remediate potential system vulnerabilities.
Security training and background checks
All Peach employees are required to complete mandatory security training, and all new employees complete this training as part of onboarding. Peach conducts background checks on all applicants selected for full-time employment.
Data encryption
Through Google Cloud, Peach encrypts data at rest and in transit using AES and a Transport Layer Security protocol. Peach also uses logging and monitoring to detect and alert staff to potential security issues, and deploys firewalls and…(continue to Business Wire)