Setting the standard for security

Dated audit confirmation methods don’t protect your clients’ data and are susceptible to fraud. The Thomson Reuters® Confirmation digital platform is the only way to ensure the process is secure from start to finish, limiting risk for you and your clients.

  • Every party validated

    • The business details of both auditors and bankers are validated before platform use. 
    • The right information goes to the right person, reducing fraud risk.
    • Only the authorized signer can electronically sign the confirmation. 
    • All user activity is logged in the platform, creating an electronic confirmation trail. 
  • End-to-end security 

    • All signatures, attachments, and completed confirmation documents are protected using AES-256 encryption, mitigating risk. 
    • We exceed industry standards and pass hundreds of security and compliance reviews each year. 
    • We undergo two Service Organization Control (SOC) exams annually.
  • Fraud prevention 

  • Integrated solutions 

    Our integrated solutions, like our Audit APIs and Bank APIs, help automate confirmation requests and responses, reducing errors and intentional fraud.

Setting the standard for security

  • To illustrate Confirmation’s commitment to effective operational controls and privacy and security best practices, we undergo Service Organization Control (SOC) examinations annually and have received an ISO 27001 certification for the service. Collectively, these provide assurance about the controls we implement to protect the privacy and confidentiality of our users’ data and the security, availability, and processing integrity of our system.

SOC 1 and SOC 2 examinations

  • SOC reports examine controls over the services provided by service organizations. To address our customers’ varying needs, we complete two SOC examinations.
  • Type 2 SOC 1—prepared in accordance with SSAE 18 reports on the design and operating effectiveness of controls relevant to user entities’ internal control over financial reporting.
  • Type 2 SOC 2 – reports on the design and operating effectiveness of controls that affect the security, availability, and confidentiality of the information processed by the system.

ISO 27001 Certification

  • ISO 27001 Certification on the services—Represents the globally recognized standard for the establishment and certification of an information security management system (ISMS). The standard specifies the requirements for establishing, implementing, operating, monitoring, maintaining, and improving a documented ISMS within the context of an organization’s overall business risks.
  •’s ISMS covers its online audit confirmation service and infrastructure including data and data environments, servers, source code, and internal networks.
  • View our ISO27001 Certificate.

Information security summary

  • Protecting our customers’ information is at the core of our Information Security strategy. Thomson Reuters maintains its reputation for providing reliable and trustworthy information through a variety of means, including a comprehensive information security management program supported by a wide range of security policies, standards, and practices.
  • Visit the Confirmation profile on Whistic to see our approach to information security and data privacy.