Compliance
Policy and evidence materials for vendor due diligence. Full packets are shared with pilot banks under NDA.
Where we are
CheckCheck builds compliance into the product and organizes the evidence to support a vendor-risk evaluation today. Check data is handled as GLBA Non-Public Personal Information, access is least-privilege and audited, and each institution runs in its own isolated environment. Audit-grade milestones — SOC 2 Type II, an external penetration test, and MFA/SSO — are sequenced against the first production bank pilot.
Materials we provide to pilots
- Pilot due diligence packet
- Control matrix and system boundary documentation
- FFIEC / GLBA crosswalk
- Information security, incident response, and business continuity policies
- SOC 2 readiness summary
- Test and audit evidence (under NDA)