aicpa soc logo

Granite Escrow & Settlement Services has successfully completed their Statement on Standards for Attestation Engagement No. 18 (SSAE 18) SOC 1 Type 2, SOC 2 Type 2, and SOC 3 audit for the 5th consecutive year.   Granite is only one of a handful of escrow companies in the state to have passed this specialized audit on all of our controls over security, availability, processing integrity, confidentiality, privacy and financial reporting earning this prestigious attestation.

Granite’s policies and procedures, security principles and procedures are designed to protect their clients who entrust their private information and assets with the company. Granite successfully processed over $4.4 Billion in customer transactions in 2019 whilst exceeding the criteria set by the American Land Title Association (ALTA) Settlement Companies Best Practices Framework, the National Institute of Standards and Technology (NIST) risk management framework, and the NIST Privacy framework.

According to the FBI’s annual year-end review, cyber-attacks succeeded in taking $3.5 Billion in losses, affecting 467,000 consumers and businesses alike. Granite management recognized early that in order to truly protect the consumer, it had to operate at the highest levels of data security, availability, processing integrity, confidentiality and privacy.

SOC 1 Type 2 Audit

The SOC 1 type 2 for Service Organizations: Reports on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting. The escrow marketplace has been challenged to demonstrate adherence to the ALTA Best Practices Framework. Amid the fog of uncertainty, the SOC 1 audit is the prevailing compliance vehicle of choice when meeting the CFPB requirements. In response to the CFPB bulletin, many title and escrow companies have been in search of specific guidance to follow to come into compliance. One of the more popular sources of guidance has come from the American Land Title Association® (ALTA®). ALTA® has created the Title Insurance and Settlement Company Best Practices. To test compliance with these best practices, many in the title and escrow industry are using the SOC 1 audit as the “go-to” compliance vehicle of choice.

SOC 2 Type 2 Audit

The SOC 2 Type 2 Independent Service Auditor’s Report focuses on five criteria relevant to data security, availability, processing integrity, confidentiality and privacy. Companies completing the audit have the option to be judged on one or more of the five categories. Granite Escrow & Settlement Services has met or exceeded the industry-leading standard for the Security Trust Service Criteria. The Security criteria verifies Company systems are protected against unauthorized access, use, or modification to meet the entity’s commitments and system requirements. “Granite Escrow has implemented a robust set of internal controls to comply with ALTA Best Practices,” says Brad Cohen, president of Granite Escrow & Settlement Services.  “The successful completion of this audit is a testament to our internal team’s commitment to their customers.”

SOC 3— SOC for Service Organizations: Trust Services Criteria for General Use Report

The SOC 3 report is designed to meet the needs of clients who want assurance about the controls at a service organization relevant to security, availability, processing integrity confidentiality, or privacy without the need for confidentiality or Non-Disclosure agreements normally associated with the SOC 1 & SOC 2 attestations.

aicpa soc logo