Trust Center

Netchex completed its SOC 1 Type II audit for the October 1, 2022, through September 30, 2023, audit period and is now available in the Netchex Security Portal. Our SOC 1 reports on Netchex's controls relevant to User Entities' Internal Control over Financial Reporting (ICFR). This Type II report covers the controls' design and operating effectiveness over 12 months.

Download the latest Netchex SOC 1 Type II Report

Netchex has completed its review and can confirm it has no instances of MOVEit software in its environment. Netchex has not been impacted by the high-profile MOVEit vulnerabilities affecting many government entities and organizations.

For any clients that may be directly impacted or looking for cybersecurity best practices, we recommend reviewing our Cyber Readiness blog post, which includes tips like:

1. Enabling Multi-Factor Authentication on Netchex and other critical accounts.
2. Auditing critical accounts for unusual activity.
3. Ensure your company has security training and policies in place.

You should monitor your local news and communicate with other critical vendors to ensure your information is safe. If you or a team member believe your personal information may be at risk, we recommend visiting IdentityTheft.gov to make a custom recovery plan to protect yourself from identity theft.

Netchex completed its SOC 1 Type II audit for October 1, 2021, through September 30, 2022, audit period and is now available in the Netchex Security Portal.

Our SOC 1 reports on Netchex's controls relevant to User Entities' Internal Control over Financial Reporting (ICFR). Our SOC 1 report is Type 2, which reports on the controls design and operating effectiveness over 12 months.

Download Netchex SOC 1 Type II Report

Netchex has completed its review and can confirm that no internal corporate systems are vulnerable to OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786.

Netchex has completed a review of its application infrastructure to confirm that there are no instances of OpenSSL vulnerable to CVE-2022-3602 and CVE-2022-3786.

Additional technical details are below:

All Netchex users connect to the Netchex application through our Web Application Firewall (WAF), which uses BoringSSL instead of OpenSSL. Additionally, all other publicly exposed infrastructure has been reviewed and confirmed to be free of impacted versions of OpenSSL.

The Netchex security team has regularly scheduled scans for all other internal resources to confirm that there are no vulnerable versions of OpenSSL in its corporate environment. We will post an update early next week on the results of these scans.

A vendor that does not practice cyber readiness can directly impact your ability to conduct business and put your employees and customers at risk. Therefore, it is crucial to have a Benefits, HR, and Payroll partner you can trust.

Netchex is here to help by ensuring the data you entrust us with is safe and cyber ready, as well as provide you with free resources for your business to be cyber ready as well.

Read More: Making Netchex Safe & Secure: What Does it Mean to be Cyber Ready?