February 23, 2023
Plaid Launches Security Portal To Accelerate Security Diligence
Emre Ugurlu & Kenneth Moras
At Plaid, we work hard to ensure data in our systems is safe and protected. As fintech adoption grows, it is critical that our thriving ecosystem of customers, partners, and consumers understands our commitment to security and privacy, including how we are vetted by credible third-party organizations and the investments we make in improving our security posture. To that end, we are proud to announce the launch of our Security Portal (security.plaid.com), to help partners and customers expedite their diligence and make informed decisions when working with Plaid. Moving forward, we will regularly update our Security Portal with the latest information regarding our security practices, audit reports, certifications, and other related documents.
Creating a Frictionless Procurement Process
Building trust through collaboration with security-conscious customers and partners is critical. At Plaid, we work with 8,000+ customers and 12,000+ data partners to foster innovation in the fintech ecosystem. At that scale, supporting Cybersecurity Due Diligence reviews can be inefficient and time-consuming for everyone. In addition to solving for internal efficiencies, we know our customers and partners would appreciate a faster and easier way to establish diligence on Plaid. Diligence initiated by our existing or prospective partners happens at various times throughout the year, primarily during procurement. Our vision for the Security Portal is grounded in ensuring a frictionless procurement process while addressing the high bar of expectations our customers and partners have when qualifying our technology.
With the launch of our Security Portal, we will make it easier for our partners in the fintech ecosystem to understand and verify our security posture. By providing access to a plethora of information and documents (such as SOC2 Type 2 reports, ISO27001 & ISO27701 certificate, Penetration Testing results, standard prefilled vendor questionnaire, Cyber insurance, policies, etc) relating to security in a centralized repository, Plaid will be able to satisfy due diligence requirements at scale and to a higher degree of speed and accuracy than previously possible.
What is a Security Portal?
Our Security Portal is a public-facing security portal that can efficiently distribute various security artifacts commonly requested and used during Cybersecurity Due Diligence efforts.
How to use the Security Portal
1. Access To Public Security Collateral: Plaid has various documentation like our ISO certificate and standard prefilled vendor security questionnaires which can be obtained without requesting (gated) access to the portal. Navigate to the Public section or look for artifacts that are unlocked to download them directly from our portal.
2. Access To Private Security Collateral: Request and obtain timely access to confidential security documents. Upon undergoing the auto-approval conditions we have instated, customers and partners will be provided access to Private Security Documents instantaneously, aiding in Cybersecurity Diligence efforts. If auto-approval conditions could not be met, the Security Team will be issued an alert to manually approve the access request.
3. Questionnaire Support: Customers and partners can access a repository of frequently asked questions by leveraging our Knowledge Base and Security Domain Tiles.
4. Subscribe: Our Customers and Data Partners can receive real-time updates by subscribing to our Security Portal. This includes notifications of new Security Compliance documents and our response to material security events.
As a rapidly growing company, Plaid continuously invests in maturing our security posture. The Security Portal will be where all customers and partners can understand and assess our current practices and policies in place to keep data secure.
Building trust is more than simply exchanging documents and providing audit reports. Industry coordination across initiatives like OFDSS to bolster commitments to safety and soundness is also critical. The Security Portal will be updated so that it reflects our work and continued investments in support of a safer ecosystem.