Security is more important than ever in a digital age. With all the news headlines of data breaches and privacy controversies, there’s no wonder that people are concerned about the safety of their personal data.


Your CRM vendor handles not only your data, but your client’s data as well. If they don’t have proper security, then data breaches could land you in trouble. With all the regulations in the mortgage industry, lenders can held accountable to the mistakes of their third-party vendors and services.It’s your duty to protect your client’s information by making sure your Customer Relationship Management System is secure. Perhaps the best security accreditation is the SOC 2 Type II certification.


Companies with SOC 2 Type II are verified to have rigorous security practices. Their servers must be protected and all hardware must be handled properly. Employees have to go through mandatory security training every year, learning everything from proper password protection to how to defend from phishing attempts.Because unprotected software can become a target to hackers and untrained employees could fall for scamming attempts, you need to know that the proper security measures are in place. A SOC 2 Type II audit means that the company not only has these security measures in place, but also have been audited to verify that they uphold these practices.


There is an important distinction between SOC 2 Type I and SOC 2 Type II. The former means that the proper security measures have been put in place. The latter means that those security measures have been tested rigorously over a long period of time. In other words, Type I means that a company simply has the right security measures, while Type II means that those security measures actually work. While a SOC 2 Type I verification is better than nothing, you should seek out companies that are specifically SOC 2 Type II certified.


Compliance is essential for mortgage brokers. Not only should their company have good security practices, but their vendors should as well, including their LOS and CRM. If your CRM is not secure, your clients and your company is at risk.