Currently viewing as Credit Union. Not You?

Strategies for Corporate Infrastructure

Steven Lee | Uncategorized | February 1, 2018

SaaS Engagement

Are you entrusting a software provider with confidential data? How secure is their SaaS system? What insights do you have into the confidentiality, processing integrity and availability of the managed application? In 2016, approximately 80% of US companies experienced cyber-attacks. Numerous data breaches have occurred exposing millions of personal identities. Considering these attacks will continue to hinder software systems in the future, you should select a provider that is committed to maintaining the highest standards and strictest security possible.   What should you look for with respect to selecting the right provider?

When selecting a provider I recommend:

  • Your SaaS provider conducts regular internal and third-party assessments of the application and the infrastructure.
  • Their employees should be bound by non-disclosure agreements to deter the employee from exposing confidential information.
  • Providers should meet with their employees at least annually and remind them of legal and ethical responsibilities when they are exposed to sensitive data.
  • The provider offers Service Organization Control and compliance reports (i.e. SOC 1, SOC 2, PCI DSS)


Using the reports mentioned above, make sure that the provider’s controls satisfy your audit department’s requirements. These reports will give insight into the provider’s:

  • Policy and procedures
  • Security standards for the networks, servers, and desktops
  • Encryption standards that define the level of encryption of your data both at-rest and in-transit
  • Encryption key management to understand their process around protecting encryption keys.
  • Software development life cycle (SDLC) to understand the process of adding feature function to the system including design, secure coding standards, QA, and deployment.
  • Security patching to see how quickly newly discovered vulnerabilities are applied to the systems
  • SSL certificate management

Software as a Service, if used properly, can help your business save money, time and human resources, and eliminate problems like software maintenance and incompatibility. However, it is important to thoroughly research the security around the individual provider and their services before implementing their solutions.

Designed by Freepik


(800) 841-9950

1600 SUNFLOWER AVE, #200

About TCI

A leading provider of software-as-a-service (SaaS) loan origination solutions for credit unions, banks, and finance companies. As a leader in loan origination software advancement, TCI introduced the industry’s first cloud-based SaaS loan origination solution in 1998. After 20 years in the loan software industry, we haven’t lost our desire to innovate and evolve, ensuring institutions like yours get the best service, consistent uptime and breakthrough innovation you need. After changing the lending landscape forever in 1998 and establishing our place as the industry innovator, TCI continues to revolutionize the lending process. Our sole focus is on making responsive, configurable online/mobile, direct and indirect lending accessible, safe and easy for financial institutions of all sizes so they can keep pace with fintech disruptions and give their borrowers the frictionless lending experience they’ve come to expect.

Currently viewing page as Credit Union. Not You?
© 2022 TCI. All rights reserved. Privacy Policy. Web design by Lumina.