SOC 2 Meets Death Master File Certification Requirements
The System and Organization Controls (SOC) framework may be mapped to meet the requirements of the National Technical Information Service’s (NTIS) Limited Access Death Master File (LADMF) certification. Businesses that choose SOC 2 to achieve their LADMF certification may also benefit from the marketing value of their SOC 2 attestation, which demonstrates their commitment to accessing and processing client data in a secure manner.
The LADMF certification has many practical uses that span industries such as insurance, banking, health care, public sector, and investment management. Access to the data is commonly used by organizations to help prevent fraud and validate certain financial transactions (e.g., to stop payment of annuities or retirement benefits upon death, validate death claims, and research unclaimed property). Given the sensitivity of the data, the requirements of the NTIS are intended to keep the personally identifiable information of deceased citizens safe.
Death Master File Attestation
Organizations seeking access to the LADMF are required by NTIS to self-certify annually that they have designed and implemented controls for receipt and maintenance of the LADMF. These organizations must undergo an independent assessment by an Accredited Conformity Assessment Body (ACAB) every three years to ensure that the controls are adequate to secure LADMF information. Further, these organizations are subject to scheduled and unscheduled audits from the NTIS, with steep penalties levied for violation of the rule.
SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The framework is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
The standards in SOC 2 may be mapped to the assessments required by NTIS, which provides entities with the benefit of being SOC 2 compliant while simultaneously meeting the requirements for access to the LADMF.
Choosing the SOC 2 compliance framework helps organizations meet their Death Master File requirements and adds value when marketing to new customers. Customers often require a SOC 2 from organizations with whom they work, especially for cloud-based services, to ensure their data is protected.
AAFCPAs is an ACAB with extensive experience assisting those seeking certification and access to the LADMF.
If you have questions about your DMF assessment or a SOC 2 attestation, please contact Andrew Mathieson at 774.512.9089, email@example.com; or your AAFCPAs Partner.