SOC 2 Type II Journey
FolioMax is actively progressing through its SOC 2 Type II compliance journey as part of our ongoing commitment to enterprise security, operational maturity, and client trust. Our compliance initiatives are designed to support the security expectations of RIAs, banks, family offices, and institutional wealth management firms operating in highly regulated environments.
Through continuous monitoring, documented operational controls, evidence collection, and ongoing process improvements, we are building a security framework aligned with industry best practices across security, availability, access management, change management, and business continuity.
AWS Infrastructure
The FolioMax platform is hosted on enterprise cloud infrastructure designed to support scalability, resiliency, operational reliability, and secure data handling. Our infrastructure architecture leverages modern cloud services and secured networking practices to support platform performance, availability, and environment isolation.
Infrastructure configurations, monitoring processes, and operational controls are continuously reviewed to support a stable and secure platform experience for our clients and users.
Encryption in Transit & At Rest
FolioMax uses industry-standard encryption protocols to help protect sensitive financial and operational data both in transit and at rest. Data protection measures are designed to support the confidentiality and integrity of client information across the platform.
Security considerations are incorporated into platform architecture, data handling practices, and operational workflows to help reduce risk and support secure processing of sensitive financial information.
Role-Based Access Controls
FolioMax utilizes role-based access controls and authentication mechanisms designed to help ensure users have access only to the systems, features, and data appropriate for their role and responsibilities.
Access management practices are intended to support operational oversight, reduce unnecessary exposure to sensitive information, and maintain appropriate administrative governance across the platform environment.
Vanta Continuous Monitoring
FolioMax leverages continuous monitoring processes and operational oversight to help maintain platform security, infrastructure visibility, and control effectiveness. Monitoring activities include infrastructure visibility, operational reviews, system oversight, and ongoing control management initiatives.
Our compliance and operational monitoring program is supported through Vanta, enabling centralized visibility into security controls, evidence collection, and compliance-related workflows.
Secure Development Lifecycle
Security considerations are integrated throughout the software development and deployment lifecycle, including platform updates, operational maintenance, infrastructure changes, and ongoing system improvements.
FolioMax incorporates structured development and deployment processes designed to support platform reliability, operational consistency, and secure delivery practices as the platform continues to evolve and scale.
Security is foundational to how FolioMax operates.
We understand that wealth management firms operate in highly regulated, trust-driven environments where confidentiality, operational controls, and data integrity are crit.
FolioMax is designed to support enterprise-grade workflows involving portfolio analysis, proposal generation, tax-aware SMA & UMA implementation, and household-level portfolio intelligence.
Security is integrated into every layer of the FolioMax platform - from infrastructure and authentication to operational monitoring and access governance.
Built for institutional wealth management workflows.
FolioMax supports sensitive financial workflows across statement analysis, proposal creation, transition planning, SMA/UMA implementation, portfolio monitoring, and operational oversight.
Questions about security or compliance?
Our team is happy to discuss security practices, operational controls, platform architecture, and compliance initiatives with prospective and existing clients.