Andesa Services Successfully Completes SOC 1®, SOC 2®, and SOC 3® Examinations

Written by: Kerianne Geist

Andesa, a leading policy lifecycle solutions provider for the life insurance and annuities industry, announced today the successful completion of its annual Service Organization Control (SOC) examinations for 2021.  The SOC examinations were conducted according to attestation standards created and managed by the American Institute of Certified Public Accountants (AICPA). The AICPA has established three, distinct SOC examination engagements – SOC 1®, SOC 2® and SOC 3®.

Andesa has delivered the following reports to its clients:

  • SOC 1®/Type II report – A restricted distribution report that examines the design and operating effectiveness of Andesa’s controls. This report addresses Andesa’s Administration System for Processing Insurance Policy, Plan Values and Transactions related to financial reporting.
  • SOC 2®/Type II report – A restricted distribution report that examines the design and operating effectiveness of Andesa’s controls as they relate to Security and Availability.
  • SOC 3® report – An unrestricted distribution summary report issued upon successful completion of SOC-2/Type II.

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2® compliance is widely recognized as a gold standard for data security and requires companies to establish and follow strict information security policies and procedures.

Andesa retained an independent public accounting firm for its SOC audit work.  The audits included examination of Andesa’s policies and procedures, system development lifecycle, data centers, logical access, backup and disaster recovery and other critical operational areas.  Upon the completion of the audits, Andesa received an unqualified opinion demonstrating that their infrastructure, policies, and procedures meet or exceed the strict SOC 1® and SOC 2® criteria.  Because SOC 1® and SOC 2® independently verify the effective design and operation of Andesa’s control activities and processes, Andesa’s clients can be assured that the highest level of internal controls and security are established and maintained.

“We are pleased to receive our SOC 2® Type II attestation as it demonstrates Andesa’s ongoing commitment to securing our customers’ data,” said Jacqueline Hunter, Enterprise Risk Management Officer and General Counsel. “We continue to prioritize the security, privacy and availability of our systems. The completion of our SOC 1® and SOC 2® Type II audits, issued with an unqualified opinion, demonstrates our ongoing commitment to Andesa’s clients to protect our systems and data.  As organizations continue to migrate to cloud solutions to safely collect and store significant amounts of data, they will continue to look to partners like Andesa with a demonstrated history of strong privacy protocols”, said Jacqueline.

About Andesa
Andesa is a leading, employee-owned provider of policy lifecycle solutions for the life insurance and annuities industry that offers modern cloud-based systems for transaction management and recordkeeping. Through flexible end-to-end lifecycle management solutions, private cloud technology, and decades of market and product expertise, we help carriers, brokers, sponsors, and participants pursue strategic sales opportunities and successfully navigate market change. For more information on Andesa, please visit or follow us on Twitter @AndesaServices.


Follow the Andesa Blog

"*" indicates required fields


Any Questions?