SOC 2 Meets Death Master File Certification Requirements

Posted on December 14, 2022January 2, 2026

The System and Organization Controls (SOC) framework may be mapped to achieve requirements of the National Technical Information Service’s (NTIS) Limited Access Death Master File (LADMF) certification. When choosing SOC 2 to achieve your LADMF certification, businesses may also benefit from the marketing value of their SOC 2 attestation, which demonstrates your commitment to access and process client data in a secure manner.

The LADMF certification has many practical uses that span across industries, such as insurance, banking, health care, public sector, and investment management. Access to the data is commonly used by organizations to help prevent fraud and validate certain financial transactions (e.g., to stop payment of annuities or retirement benefits upon death, validate death claims, and research unclaimed property). Given its sensitivity, the requirements of the NTIS are intended to keep safe personally identifiable information of deceased citizens.

Death Master File Attestation

Organizations seeking access to the LADMF are required annually by NTIS to self-certify that they have designed and implemented controls in place for receipt and maintenance of the LADMF. These organizations must undergo an independent assessment by an Accredited Conformity Assessment Body (ACAB) every three years to ensure that the controls are adequate to secure LADMF information. Further, these organizations are subject to scheduled and unscheduled audits from the NTIS with steep penalties levied for violation of the rule.

SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The framework is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

The standards in SOC 2 may be mapped to the assessments required by NTIS, which provides entities with the benefit of being SOC 2 compliant while simultaneously meeting the requirements for access to the LADMF.

Choosing the SOC 2 compliance framework helps organizations meet their Death Master File requirements and adds value when marketing to new customers. Customers often require a SOC 2 from organizations with whom they work, especially for cloud-based services, to ensure their data is protected.

AAFCPAs is an ACAB with extensive experience assisting those seeking certification and access to the LADMF.

Related Insights

Carla McCall Featured in FM Magazine on Finance Roles in Cybersecurity

FM Magazine Report: 5 emerging business cyberthreats — and how to combat them FM Magazine (October 2025) – From deepfakes to payment fraud, companies are at risk of increasingly complex cyberthreats—with finance taking a leading role in mitigating risks. Carla McCall, CPA, CGMA, Managing Partner of AAFCPAs, contributed insights into five emerging business cyberthreats and […]

How IT Controls Keep Your Systems and Data Safe

During AAFCPAs’ recent webinar, Understanding Your ITGCs: Why They Matter and How to Strengthen Them (November 2025), Lisa Whittemore, CFE, CRMA, MBA and Vassilis Kontoglis presented a practical framework for assessing, strengthening, and monitoring IT general controls to protect data, ensure operational continuity, and support regulatory compliance. A single misstep in IT General Controls (ITGCs) […]

Watch Understanding Your ITGCs: Why They Matter and How to Strengthen Them

IT General Controls (ITGCs) are under increasing scrutiny—and the consequences of failure are growing. CEOs, CFOs, and Boards are often blindsided by assessment findings, risk exceptions, and regulatory pressure tied to weak or outdated IT controls. These issues aren’t just technical—they’re strategic, with real implications for financial integrity, compliance, and reputation. In this webinar, we […]