Trust Center. security and compliance for financial institutions
Every BDI client is a regulated financial institution. As the long-term strategic partner to credit unions and community banks for 42 years, our security and compliance program is built for the credit union examiners, bank chief information security officers, and vendor risk reviewers who evaluate every print and mail vendor before a contract is signed. Request the current SOC 2 Type II report below.
Audit and compliance program
BDI maintains a continuous audit and compliance program built specifically for the regulated financial-institution buyers we serve. The following artifacts are available on request to qualified prospects and existing clients.
Our SOC 2 Type II audit is performed annually by an independent firm. The most recent report is dated April 14, 2026 and covers security, availability, and confidentiality trust service criteria. Request the current report below.
Data handling & encryption
Member data files arrive at BDI over secure file transfer with mutual authentication. Files are encrypted at rest from ingestion through archive, decrypted only inside the production pipeline by authorized service accounts. Access is logged, audited quarterly, and tied to named individuals.
The print floor and mailing facility operate on a segregated network with no direct internet egress. Decommissioned media is wiped to DoD 5220.22-M standards and certificate of destruction is provided on request.
Facility & operational controls
BDI operates from a SOC 2-audited primary facility in Inglewood, California with a documented business continuity and disaster recovery program. Physical access controls include 24/7 monitoring, badge-only entry to production floors, and background-checked staff. Production runs on redundant equipment lines with documented failover procedures.
For client institutions in California, BDI's facility is in your time zone with same-business-day issue escalation.
Request the current SOC 2 report
Vendor risk teams, CISOs, and procurement leads at qualified prospects and existing BDI clients can request the current SOC 2 Type II report and supporting documentation directly. The information security contact and request workflow are documented below.
Information security contact: infosec@businessdatainc.com
Vendor risk inquiries: info@businessdatainc.com
Phone: 855.234.2255
For routine vendor risk reviews, please send a signed mutual NDA and your institution's vendor information form to the address above. We respond to qualified requests within one business day.
Frequently asked questions
When was BDI's most recent SOC 2 Type II audit completed?
BDI's SOC 2 Type II audit is performed annually. The most recent report completion date and audit firm are provided on request through the workflow above. Trust service criteria covered: security, availability, and confidentiality.
Does BDI carry cyber insurance?
Yes. Insurance certificate and coverage details are available on request as part of standard vendor risk review packages.
Where is member data stored, and for how long?
Member data is stored in BDI's segregated production environment in the continental United States. Retention follows the schedule defined in your contract. Typically 7 years for archived statements, configurable per regulatory requirement.
What happens to printed statements during the print and mail cycle?
Printed statements are tracked piece-by-piece through production, mail induction, and USPS handoff. Spoilage and reprints are destroyed on-site to DoD media destruction standards with certificate of destruction available on request.
Request the current SOC 2 Type II report.
Qualified prospects, existing clients, and vendor risk reviewers can request the current report and supporting documentation directly.
Email info@businessdatainc.com