THE COMPLIANCE OBJECTIVE: WHY WIZNI APPROACHED CERTPRO

Wizni pursued compliance as a business catalyst rather than a compliance exercise. A formal third-party assurance helps them prove that their data security and privacy controls meet industry expectations. Moreover, such a commitment is essential to satisfy the security requirements of their enterprise customers, lenders, and partners.

To address these requirements, Wizni committed to achieving:

• SOC 2 Type I and Type II compliance under the Trust Services Criteria for Security, Confidentiality, and Privacy.
• An external CCPA assessment to validate alignment with California privacy obligations.

Together, these assessments provided Wizni with independent confirmation that its controls were properly designed, operating effectively over time, and aligned with privacy rights and disclosure obligations.

However, achieving assurance across SOC 2 and CCPA required precise interpretation of AICPA guidelines, disciplined evidence management, and consistent validation across technical, operational, and privacy teams. Wizni partnered with CertPro to manage this process with structure, independence, and clarity.

KEY CHALLENGES IN SOC 2 AND CCPA ASSURANCE

Wizni encountered several practical challenges during the assurance journey:

• To demonstrate full coverage of Security, Confidentiality, and Privacy criteria across system boundaries.
• To conduct a manual CCPA assessment that required detailed mapping of data collection, consent handling, disclosures, and consumer rights processes.
• To maintain audit discipline without disrupting ongoing product development and business operations.

Addressing these challenges required both technical audit expertise and an approach that respected Wizni’s operating pace.

CERTPRO’S AUDIT-DRIVEN METHODOLOGY

CertPro applied its standard audit workflow to support Wizni’s SOC 2 and CCPA engagements.

Planning and Scoping: CertPro worked with Wizni to define system boundaries, audit scope, and applicable Trust Services Criteria. Timelines were defined for both SOC 2 Type I and Type II reporting periods, with clear expectations around evidence availability. As planned, the SOC 2 Type I audit was conducted first, followed by the observation period. Upon completion of the observation period, the SOC 2 Type II audit and CCPA assessment were carried out. This approach helped establish a shared understanding across teams and reduced ambiguity in the audit process.

SOC 2 Audit Execution: CertPro tested control design and operational effectiveness across key domains, including access management, data protection, logging, monitoring, and incident response. 

Wherever applicable, our team verified the authenticity of the updated evidence from the compliance automation platform that Wizni used. We confirmed that periodic monitoring activities were performed consistently throughout the audit period. This process supported a firm and independent validation of control operations over time.

CCPA Privacy Assessment: CertPro conducted a manual CCPA evaluation focused on data collection practices, consent mechanisms, consumer request handling, identity verification, data subject access, disclosures, and deletion workflows. This process verified how consumer rights were documented, executed, and communicated. It also allowed us to ensure Wizni’s alignment with CCPA transparency and accountability requirements.

Reporting and Assurance Delivery: CertPro prepared SOC 2 Type I and Type II reports, along with a separate CCPA assessment report. Each report summarized scope, testing results, observations, and recommendations that supported Wizni’s ongoing compliance maturity.

THE OUTCOME: VERIFIED ASSURANCE AND BUSINESS EXCELLENCE

Through CertPro’s independent audits, Wizni achieved the following:

• SOC 2 Type I and Type II compliance under the Security, Confidentiality, and Privacy criteria.
• A complete external CCPA assessment validating their alignment to privacy regulations.
• Independent confirmation of control effectiveness and data protection practices.
• Stronger trust with enterprise customers, lenders, and partners.
• Readiness for future audit cycles and constantly changing regulatory expectations.

The assurance outcomes boosted Wizni’s position as a fintech platform that treats security and privacy as operational priorities.

FINAL THOUGHTS

Wizni’s SOC 2 and CCPA engagements reflect a disciplined approach to trust, accountability, and market readiness. As a result, they upheld their credibility in a highly regulated financial environment by confirming both the design of their controls and the performance of their operations.

CertPro supported this journey by providing independent assurance, clear audit execution, and practical guidance that matches with real operating conditions.

For fintech organizations handling sensitive financial and personal data, this case demonstrates how structured assurance can support growth, build customer trust, and ensure long-term compliance maturity when executed with the right audit partner.