Trust with UGA Finance 


UGA Finance cares deeply about data security and privacy of personal information. We take complying with data protection laws and regulations very seriously. UGA Finance protects your information and data by adhering to regulatory entities such as; ISO, PCI DSS, HIPAA, and SOC. We regularly undergo verification of global security standards from a certified independent third-party auditor. We are committed to providing confidentiality, integrity and availability to all of our clients.




SOC 1 Type II

Last Audit Completed: August 1, 2018

Renewed Annually on August 1st


A Service Organization Control 1 (SOC 1) engagement is an audit of the internal controls (policies, procedures, and technologies) which a service provider has implemented to protect client data. SOC 1 audits are performed in accordance with the Statement on Standards for Attestation Engagements No. 18 (SSAE 18). SOC 1 reports are primarily designed to report on the controls of service organizations that are relevant to their client’s financial statements. SOC 1 audits are intended to aid service organizations in eliminating potential errors to client information and ensuring efficiency in their controls

  • Type 2 - report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

ISO 27001:2013

Last Audit Completed: August1, 2018

Renewed Annually on August 1st


ISO 27001 is the only internationally-accepted standard for governing an organization’s information security management system (ISMS). The ISMS preserves the confidentiality, integrity, and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.

The ISO 27001 standard tells organizations how to create and run an effective information security program through policies and procedures and associated legal, physical, and technical controls supporting an organization’s information risk management processes. It’s vital that the ISMS is integrated with the organization’s processes and overall management structure, and that information security is considered in the design of processes, information systems, and controls.


Last Audit Completed: July 1, 2018

Renewed Annually on July 1st


Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.


The Health Insurance Portability and Accountability Act (HIPAA) defines the privacy and security provisions for safeguarding medical information (protected healthcare information: PHI). The HIPAA regulation framework includes the following categories of regulations: Security Rule, Privacy Rule, Breach Notification, and Enforcement Rule.


Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management.

  • Reports available upon request.