Andesa Services Successfully Completes SOC 1©, SOC 2©, and SOC 3© Examinations


“Andesa understands that data privacy is a fundamental right and data security is critical to every client experience across all of our offerings.”

Andesa Services, the leading provider of cloud-based Policy and Plan Administration solutions to life insurance, annuity carriers and benefit participants, announced today the successful completion of its annual Service Organization Control (SOC) examinations. The SOC examinations were conducted according to attestation standards created and managed by the American Institute of Certified Public Accountants (AICPA). The AICPA has established three, distinct SOC examination engagements – SOC 1©, SOC 2© and SOC3©.

Andesa has delivered the following reports to its clients:

  • SOC 1©/Type II reports – For service organizations that examine the design and operating effectiveness of Andesa’s internal controls over financial reporting as they relate to both Andesa’s Policy and Plan Administration solutions.
  • SOC 2©/Type II reports – Which evaluate an organization’s Information Security as they relate to both Andesa’s Policy and Plan Administration Solutions.
  • SOC-3© reports – Summary reports issued upon successful completion of SOC 2©/Type II as they relate to both Andesa’s Policy and Plan Administration Solutions.


Andesa Services retained an independent third-party provider of industry leading SOC attestation and compliance services for its SOC audit work. The audit included examination of Andesa Services policies and procedures, system development lifecycle, data centers, logical access, backup and disaster recovery and other critical operational areas. Upon the completion of the audit, Andesa Services received an unqualified opinion demonstrating that their infrastructure, policies and procedure meet or exceed the strict SOC 1© and SOC 2© criteria. Because SOC 1© and SOC 2© independently verify the validity and functionality of Andesa Services’ control activities and processes, our clients can be assured that the highest level of internal controls and security are established and maintained.

Roy Peterson, Chief Technology Officer at Andesa Services says, “Andesa understands that data privacy is a fundamental right and data security is critical to every client experience across all of our offerings. Andesa continues to invest heavily in ensuring security and availability of our services. The completion of our SOC 1© and 2© Type II audit demonstrate to Andesa Services clients that we are dedicated to safeguarding our systems and data and that we are in line with industry standards and best practices.”

About Andesa:

Founded as Andesa Companies in 1983, Andesa Services was a pioneer in the field of corporate-owned life insurance (“COLI”) and bank-owned life insurance (“BOLI”) policy administration. The Company began administering its first large-case COLI business in 1987. Today, more than 30 years later, the Company partners with numerous insurance companies, including 7 of the top 13 life and annuity carriers, and several top distributors. The Company offers a suite of services through software-as-a-service (“SaaS”) and Third Party Administration (“TPA”) models using streamlined, secure cloud technology. Andesa offers hosted administration and illustration services for any type of product or block, and provides administrative support for complex plan and product offerings.

Share article on social media or email:

Leave a Reply