Peach Announces SOC 2 Type 2, SOC 1 Type 1 and PCI DSS Level 1 Certifications

OAKLAND, Calif.--()--Peach Finance, a cloud-native lending technology platform that helps lenders quickly launch and confidently scale new lending products, today announced that it has renewed its certifications for SOC 2 Type 2 and PCI DSS Level 1, and achieved certification for SOC 1 Type 1.

The certifications position Peach to serve the needs of a wide range of lenders, including those at enterprise scale and with strict InfoSec requirements. The certifications are also a significant third-party validation of Peach’s internal and external processes and high level of operational excellence. Peach worked with independent third-party auditors Laika and FoxPointe, well-known firms that provide end-to-end compliance and audit management for modern companies like Peach. In addition to its certifications in SOC 2 Type 2, SOC 1 Type 1 and PCI DSS Level 1, Peach is also positioned to support lenders subject to HIPAA.

Peach’s InfoSec certifications complement its compliance-first approach, which sets it apart in the lending technology space. Peach practices defense-in-depth security architecture and employs best-in-class practices and tools to maintain security on all levels. And Peach’s Compliance Guard™ gives lenders an unprecedented advantage in staying compliant with lending regulations. Compliance Guard conducts borrower status monitoring for bankruptcy, deceased, active military and FEMA disasters. It also scans outbound communications for compliance with federal and state regulations, and features a configurable rules engine that enables lenders to customize their policies.

Peach’s other information security practices include the following.

Authentication, authorization and accounting

Peach maintains role-based access control (RBAC) across all its systems. Access to all critical services requires SSO / multi-factor authentication. Accounting is carried out by logging of session statistics and usage information.

Penetration tests and vulnerability scans

Peach engages with trusted third parties for penetration testing and vulnerability scans and performs internal vulnerability scans continuously to identify, prioritize and remediate potential system vulnerabilities.

Security training and background checks

All Peach employees are required to complete mandatory security training, and all new employees complete this training as part of onboarding. Peach conducts background checks on all applicants selected for full-time employment.

Data encryption

Through Google Cloud, Peach encrypts data at rest and in transit using AES and a Transport Layer Security protocol. Peach also uses logging and monitoring to detect and alert staff to potential security issues, and deploys firewalls and anti-virus to secure endpoints.

Policies

Peach maintains relevant security policies, with a formal review of policies annually. Peach’s Employee Handbook, which all employees must sign during onboarding, strictly prohibits the use of company and confidential data for any non-business, unlawful or improper purpose. Peach’s policies also prohibit employees from storing sensitive data on Peach-issued laptops or desktop computers, on personal devices, on removable media, and on printed media.

About Peach

Peach is a cloud-native lending technology platform that helps fintechs and traditional financial institutions quickly launch new lending programs. Peach is the only lending platform built on an Adaptive Core™. The company’s fully integrated suite of API-based products includes a loan management system that supports virtually any non-mortgage asset class and features 200+ configuration variables; a suite of proprietary servicing tools, including a lending-specific CRM, borrower portal, agent portal, payment processing, communications, reporting and first-party collections tools; and Compliance Guard™, a proprietary compliance monitoring system. Peach was built by leaders from top fintechs like Affirm, Avant and Prosper, who set out to create the most configurable, robust, compliance-forward and future-proof lending platform in the market. Learn more at peachfinance.com.

Contacts

Peach media contact
Crayton Montei
press@peachfinance.com

Release Summary

Peach has renewed its certifications for SOC 2 Type 2 and PCI DSS Level 1, and has achieved certification for SOC 1 Type 1

Social Media Profiles

Contacts

Peach media contact
Crayton Montei
press@peachfinance.com