Compliance and Risk Audits

Information Security Audit

Every year Clareity gets calls when industry organizations have been hacked. A hacking incident can damage reputations, impede an organization’s ability to conduct business, and cause financial harm. Such incidents could often have been prevented had the business managers taken reasonable steps to protect the organization.

Clareity is the most experienced real estate security auditing firm, and provides security audits for many top MLSs, Associations, brokerages, and technology companies. The audit covers information security policies and procedures, human resources practices, physical security, networking, device configurations, OS and platform configurations/updates, software security, and more. The audit includes use of automated testing tools, manual testing, and proprietary Clareity checklists. Clareity will educate staff on use of each security tool and checklist, in as much depth as makes sense for your staff; using these tools, checklists, and methods will help your organization maintain security over time. If needed, Clareity will also evaluate SaaS contracts; Clareity will non-intrusively test and provide guidelines for evaluating the security posture of any third party software services that may be in use.

Risk Management Audit and Business Resumption Planning

Clareity helps organizations evaluate risk in a wide variety of areas including:

  • Physical Security
  • Flood/Water
  • Housekeeping
  • Fire Control
  • Electrical Power
  • Climate Control
  • Personnel
  • Computer Usage
  • Hardware
  • Software
  • Access/Data/File Controls
  • Communications/Network
  • Development
  • IT Operations
  • Telephone / Voice Mail
  • Contingency Planning

Clareity also helps organizations evaluate their Business Resumption Plan or draft a new one. This service is often performed in conjunction with an Information Security Audit, since there is some overlap in the assessment scope.

IDX / VOW Compliance Review

MLSs must establish consistent auditing criteria and processes to avoid speculation or lawsuits regarding discrimination against broker and technology providers. Clareity’s IDX and VOW Compliance Review services help ensure that these highly technical audits are thorough and that standardized criteria are consistently applied. Clareity can provide complete auditing services or work with MLS staff to collaborate on audits.

Even if the MLS staff currently performs IDX and VOW compliance reviews, when a violation is suspected or confirmed, it can be valuable to have a third party like Clareity confirm the violation and provide an independent compliance report to avoid friction between the MLS and members or technology providers.


“Clareity did a great job for us with the security audit. I can’t imagine any other firm providing an audit anywhere near as valuable and thorough as the services we received. [We] will be a much better operated company as a result of Clareity’s evaluation and advice.”

James Harrison, President & CEO, MLSListings

“Clareity thoroughly reviewed CMLS operations and provided a detailed, prioritized list of the security risks facing our organization. They provided us with the information and tools we needed to make our systems more secure and to maintain better security over time. The follow-up has been great, too.”

Steve Byrd, Chief Information Officer, Carolina Multiple Listing Services

“The audit is very comprehensive. The information covered is exactly what we are looking for. Matt’s knowledge of the material is truly impressive and his ability to convey the information has made it easier for myself and my staff to understand.”

Martin Scrocchi, President & CEO, CDM (TransactionDesk)