TripActions Completes PCI and SOC 1 Type I

Demonstrating its continued dedication to transparency, security, and accuracy, TripActions successfully completes two system reviews related to financial processes

PALO ALTO, CA, September 7, 2021—TripActions, the fastest-growing travel and spend management platform, today announced its completion of two third-party system reviews, Service Organization Controls (SOC) 1 Type I and Payment Card Industry Data Security Standard (PCI DSS), for its travel booking and expense solutions.

The SOC 1 Type I audit provides a comprehensive review of the business processes and IT controls of TripActions and TripActions LiquidTM — the company’s fintech spend solution — validating the accuracy of data processing and storage. Having also completed PCI DSS compliance, TripActions received PCI AOC (Attestation of Compliance) reports both as a merchant and service provider.

As a global organization with more than 5,000 customers worldwide, TripActions takes its commitment to privacy and security seriously. The SOC 1 Type I attestation assures customers and vendor partners that TripActions has established internal controls to achieve customers’ objectives for financial reporting.

“TripActions has achieved a significant milestone in its continued security and compliance journey to help build and retain customer trust with the completion of SOC 1 Type I,” said Prabhath Karanth, Director of Security, Compliance, and Assurance at TripActions. “The SOC 1 report further demonstrates TripActions’ ongoing commitment to handle customers’ financial information safely and securely, and provides third-party assurance that TripActions has established internal controls to achieve customers’ financial reporting objectives.”

Developed by The American Institute of CPAs (AICPA), SOC 1 Type 1 is an auditing procedure for service organizations that manage information related to customers’ financial reporting or financial controls. Specifically focused on financial data processing and accuracy, TripActions’ SOC 1 attestation is most relevant to customers using TripActions Liquid, as the audit successfully reviewed the organization for accuracy of data processing and storage.

Additionally, the organization renewed its PCI DSS certification for 2021, which verifies TripActions has taken the security measures required to efficiently safeguard cardholder data, distribute cards, and process cardholder information. The certification provides further validation of TripActions’ commitment to transparency, safety, and security for customers and partners, and regulators.

PCI DSS is administered by the Payment Card Industry Security Standards Council. A set of security standards, the certificate ensures that companies that accept, process, store, or transmit credit card information maintain a secure environment, reducing the risk of fraudulent activity and data breaches.

TripActions will continue to make enhancements to its infrastructure by adding additional layers of redundancy and increasing monitoring coverage of its platform. The SOC 1 Type I attestation report — along with the SOC 2® Type II attestation TripActions announced in April 2021 — is now available on Whistic as part of TripActions’ security profile. These reports can be requested by customers and prospects upon request under a non-disclosure agreement.

Visit TripActions Trust & Transparency page for more information about ongoing efforts to ensure Privacy, Security, and Compliance.

About TripActions

Fast becoming the default for corporate travel and spend management, TripActions is the leading cloud-based T&E platform that combines industry-leading technology with best-in-class travel agency service. Trusted by travel managers and finance teams alike at more than 5,000 companies globally, TripActions leverages real-time data to keep traveling employees safe, control costs, and save time. www.tripactions.com