North Carolina-based Law Firm Achieves SOC 2 Certification

April 14, 2015

Brady & Kosofsky PA., a North Carolina-based law firm offering real estate closing, title search, REO and loss mitigation services, announced it has completed a Service Organization Control 2 (SOC 2) Type 1 certification. Completion of the SOC 2 Type I certification indicates that processes, procedures and controls adopted by Brady & Kosofsky in its validated private cloud have been formally evaluated and tested by the independent accounting and auditing firm of Kushner, Smith, Joanou & Gregson LLP of Newport Beach, Calif. The certification included the company's controls related among other things to the Trust Services Principles and Criteria of Security and Availability.

Brady & Kosofsky, through its proprietary technology platform and private cloud, provides title search and curative services to servicers, asset management companies, title insurance agencies, title insurance underwriters, banks and mortgage originators. All of these entities are subject to CFPB oversight and compliance requirements such as Gramm Leach Bliley Act and OCC third-party risk requirements may request and leverage the Brady & Kosofsky, SOC 2 Type I report as part of their compliance strategy.

"SOC 2 exams are rigorous independent assessments, geared toward service providers who handle non-public private information of consumers especially providers of mortgage products and other financial services to regulated banks,” said Jaime Kosofsky, a partner of Brady & Kosofsky who oversees the firm’s compliance efforts. “With the release of the comments of the OCC and CFPB Bulletin 2012-03, it became apparent that our banking partners and clients would benefit if out firm took steps to define our security protocols and have them scrutinized by a third party."

The certification is an important step for any real estate title services and closing provider that supports the highly regulated consumer banking and lending industry. The audit includes a full assessment of:

  • Security: Data centers are protected against unauthorized access (both physical and logical).
  • Availability: Data centers are available for operation and use as committed or agreed.
  • Integrity : Data is secure and protected against unauthorized changes
  • Privacy: Firm has put into place, proper physical and cybersecurity to protect the privacy of clients’ NPI
  • Policies: Firm has developed and put into action policies that govern the security and processes by which the firm ensures the safety of client information. This includes IT policies, hiring and human resources policies and trust account management policies
  • Monitoring: Firm has implemented a robust system of monitoring all IT activity, both permitted and hacker attempts to compromise IT infrastructure. This is accomplished with a real-time monitoring system. We have a system of random physical audits at a frequency of two to three times per month.

According to Kosofsky, a SOC 2 examination is widely recognized, because it represents that a service organization has been through an evaluation of their control activities as they relate to the applicable Trust Services Principles and Criteria.

"With our successful completion of certification, we are able to provide our customers and industry partners with greater insights into our controls, procedures and systems for our title and closing operation as well as our REO and loss mitigation practice," Kosofsky said.


Contact ALTA at 202-296-3671 or communications@alta.org.