SOC stands for “System and Organization Controls,” and the controls are a series of standards designed to help measure how well a given service organization conducts and regulates its information. The purpose of SOC standards is to provide confidence and peace of mind for organizations when they engage third-party vendors.

Organizations are growing increasingly sensitive to the potential financial and reputational risks associated with using service providers. Now, more than ever, customers, regulators, and business partners want to know that their data is being properly protected by their service providers.

The need for such knowledge about data security has placed a growing burden on the service providers themselves, and many are now investing significant time and resources towards responding to the various independent attestation requests they receive from their customers.
With SOC 2 reporting, service providers can now take a more efficient approach that can deliver improved customer confidence and potentially reduce costs.
Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

More specifically, SOC 2 is designed for service providers storing customer data in the cloud. It requires companies to establish and follow strict information security policies and procedures encompassing the security, availability, processing, integrity, and confidentiality of customer data.

​How is SOC 2 Type 2 Different than Type 1?

​While the Type 1 report highlights our policies and procedures for ensuring Trust Factor criteria, the Type 2 process requires a 6 month audit period by a third party. In other words, the SOC2 Type 1 is a point in time measurement of the policies and procedures used to manage the Trust Factors, while SOC2 Type 2 is proving that those policies are followed, with hard evidence, in a 6 month reporting window.

What Does the SOC 2 Type 2 Audit Examine?

SOC 2 looks at five Trust Factors of secure data processing and storage. Demonstrating proficiency across one of more of these criteria is an attestation to the privacy and security controls:

• Security: the system is protected against unauthorized access, both physical and logical
• Availability: the system is available for operation and use as committed or agreed
• Processing Integrity: system processing is complete, accurate, timely, and authorized
• Confidentiality: information designated as confidential is protected as committed or agreed
• Privacy: personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with the criteria set forth in Generally Accepted Privacy Principles (GAPP)
  
  

SOC 2 reports can address one or more of the above Trust Factors. While there is not a checklist to identify which Trust Factors should be in scope, Security is the most important/notable area for focus, as many foundation areas of the other four Trust Factors are represented, and thus included it in our most current review.

What Does SOC 2 Type 2 Compliance Mean for Evariant Customers?

​SOC 2 Type 2 compliance assures our customers that we have best-in-class safeguards and procedures in place to ensure the security of their information. With over 1,000 hospitals leveraging the actionable intelligence provided by our Patients for Life Platform to drive high-value service line growth, extend patient lifetime value, and improve provider network utilization and planning, SOC 2 Type 2 compliance demonstrates that Trojan Hunt India's security policies, measures, and procedures rigorously protect the consumer