Finducation™

Finducation - EZBudget™

Security Audit and Assurance Policy

Internal security assessments and audit readiness for partner due diligence.

Document ID: EZB-AUD-001
Version: 1.0
Effective Date: July 8, 2026
Last Review Date: July 8, 2026
Assessment Cadence: Annual minimum + event-driven
Owner: Deseo Developers LLC (Engineering/Security)

1. Policy Statement

EZBudget currently tests the effectiveness of its information security program through structured internal control assessments performed by designated engineering personnel. As of the effective date of this document, EZBudget has not yet completed a formal third-party SOC 2, ISO 27001, or equivalent external security audit.

Internal Assessments Control Effectiveness Reviews

2. Scope

  • EZBudget application, APIs, and supporting infrastructure
  • Authentication, authorization, and data protection controls
  • Secure development, deployment, and operational processes
  • Third-party service integrations that process or support consumer data

3. Internal Assessment Program

  • Designated internal personnel perform recurring control self-assessments.
  • Internal reviews validate policy adherence, control operation, and remediation status.
  • Findings are tracked to closure with owner assignment and due dates.
  • Internal assessment outputs inform annual governance and risk treatment updates.

4. Assessment Cadence

ActivityMinimum FrequencyOwner
Internal control self-assessmentQuarterlyEngineering Lead
Post-incident control validationAs neededIncident Response Lead
Major architecture/integration change reviewEvent-drivenEngineering/Security

5. Evidence and Reporting

  • Assessment plans, findings, remediation actions, and closure evidence are documented.
  • Executive summary reports are reviewed by policy owner and engineering leadership.
  • High-severity gaps receive prioritized remediation and follow-up verification.
Internal evidence sources include documented security policies, automated SQL injection guardrails, secure coding standards, and operational control artifacts maintained in source-controlled documentation.

6. Due Diligence Mapping

Questionnaire AssertionPolicy Position
Organization performs its own internal assessments Yes - Recurring internal control self-assessments with documented remediation tracking
Independent external audits completed Not yet - External audits are planned for a future phase and are not represented as completed as of the effective date.

7. Approval

This policy is approved for external partner due diligence responses, including Plaid security/governance questionnaires.

Approved By: Deseo Developers LLC - Authorized Representative

Date: July 8, 2026

Contact: contact@deseodevelopers.com