We run an ASP/ISV that processes mortgage applications, and as such, carry personal/financial data within our data warehouse. We’re currently in pursuit of our Type I and II audits, but, as a 3rd party vendor for mortgage companies and banks, what are we required to be certified for and consequently audited for? We’re constantly coming across different types of certification/audit requirements from different prospective clients, but, the standard few items (in the subject line) are still the common place.
Anybody working in the banking industry that can shed some light would be greatly appreciated.