Today, we are excited to announce that Policy Administration Solutions is SOC 2 Type II compliant. Our platform, technology, processes, and procedures have been assessed by Wolf & Company, P.C. – an external, independent auditor – and we have met the highest standards.
What is SOC 2 compliance?
SOC 2 is a process a company undergoes to assure their customers that their data is securely managed to protect their interests as well as the privacy of their users. SOC 2 defines five trust service principles for managing customer data: security, availability, processing integrity, confidentiality, and privacy. External auditors like Wolf & Company, P.C. determine whether a vendor complies with one or more of the five trust principles based on the systems and processes in place, and issue a certificate of compliance.
How is SOC 2 Type II compliance different from SOC 2 Type I compliance?
A SOC 2 Type I certificate demonstrates the effectiveness of controls in an organization at a specific point in time. The SOC 2 Type I report describes the controls provided by the management of the organization and attests to their suitability. In contrast to a one-time check, SOC 2 Type II monitors the controls over time and checks their operating effectiveness. As a result, the SOC 2 Type II evaluation process is more rigorous and reliable. Many companies prefer Type II certification when evaluating a vendor’s security posture.
Why is SOC 2 Type II certification important for a company like PolicyAdministration Solutions?
Many of our customers operate in highly regulated industries like healthcare and financial services and trust us to keep their form data secure. A SOC 2 Type II certification assures our customers that Policy Administration Solutions maintains a high level of information security. Testing these requirements (via penetration tests and other audit tests) can ensure that sensitive information is handled well over time, rather than just once. It gives our customers even greater peace of mind.
What other security standards do Policy Administration Solutions adhere to?
Policy Administration Solutions is also HIPAA compliant. This means that we follow a set of regulatory guidelines that outline how Protected Health Information (PHI) can be used and disclosed in a lawful manner.
Want to learn more?
