Compliance

Meeting regulatory requirements for financial services and data protection

Auctra maintains compliance with industry standards and regulatory frameworks across financial services, data protection, and information security. Our compliance program ensures we meet the requirements of our enterprise customers operating in regulated industries.

Financial Services

PCI DSS Level 1

Payment Card Industry Data Security Standard certified for secure handling of card transaction data.

Key Controls:

  • No storage of sensitive authentication data (CVV, PIN)
  • Encrypted transmission of cardholder data
  • Quarterly vulnerability scanning and annual penetration testing
  • Quarterly Attestation of Compliance (AOC)

BSA/AML Program

Bank Secrecy Act and Anti-Money Laundering compliance framework for transaction monitoring.

Program Elements:

  • Transaction monitoring and suspicious activity reporting
  • Know Your Customer (KYC) procedures
  • Ongoing customer due diligence
  • Annual independent audit of AML program

SOC 2 Type II

Independent audit of controls relevant to security, availability, and confidentiality.

Trust Service Categories:

  • Security: Protection against unauthorized access
  • Availability: System accessibility and performance
  • Confidentiality: Protection of confidential information
  • Annual audit with continuous monitoring

Data Protection

GDPR (General Data Protection Regulation)

Full compliance with European Union data protection law.

Data Subject Rights

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to data portability

Processing Safeguards

  • Data minimization
  • Purpose limitation
  • Storage limitation
  • Integrity & confidentiality

CCPA (California Consumer Privacy Act)

Compliance with California privacy law and consumer rights.

Consumer Rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of the sale of personal information
  • Right to non-discrimination for exercising rights

Information Security

ISO 27001

International standard for information security management systems (ISMS).

Risk Management

  • Annual risk assessment
  • Risk treatment plans
  • Continuous monitoring

Security Controls

  • Access control
  • Cryptography
  • Physical security

Operations

  • Change management
  • Incident response
  • Business continuity

Compliance Resources

SOC 2 Type II Report

Available to customers under NDA upon request.

Data Processing Agreement (DPA)

GDPR-compliant data processing agreement for EU customers.

Penetration Test Summary

Executive summary of annual penetration testing results.

Compliance Questions?

Our compliance team is available to discuss regulatory requirements and provide documentation for your security review process.