“Is Your Technology Partner Audited?” – The Question That Could Hurt Not To Ask


Newsflash: we are living in the height of the digital age and our ability to analyze and store massive amounts of data has never been greater, or more beneficial to how we do business. Okay, you probably knew that, but what you may not know is that this technological golden age comes with a giant, unintended consequence: cybersecurity threats. That’s right, information security has never been more critical, and yet there is a good chance that you are trusting your privileged, confidential and highly sensitive data to a technology partner that may claim to provide the adequate protocols and controls to safeguard it, but unfortunately does not.

You may have heard of something called “SOC 2 Compliance,” but aren’t exactly sure what it is or how it relates to information security. Don’t worry, you’re not alone. A Service Organization Control SOC 2 Type II attestation engagement report – try saying that three times fast – provides independent auditing and validation that a company’s internal security controls are in accordance with the American Institute of Certified Public Accountants’ applicable Trust Services Principles and Criteria. Many companies – healthcare companies in particular – infer security policies and protocols are in place simply by pointing to SOC 2 attestations attained by their data center or third party providers. However, this view is short-sighted, insufficient and shouldn’t make you feel all warm and cozy, because it fails to show a commitment to the organization’s own in-depth analysis of their internal controls.

SOC 2 certification is issued and maintained by an outside auditing entity that provides thorough oversight and assessment, ensuring that the commitment to information security made by your technology partner cannot be ignored, overlooked or compromised. In fact, auditors not only monitor the maintenance of security policies and protocols based on the systems and processes in place, but they also determine the extent to which they are compliant with the five trust service principles: security, availability, processing integrity, confidentiality and privacy.

The importance of SOC 2 Compliance cannot be overstated, especially when the healthcare industry currently suffers from the largest cybersecurity attack potential, with cybercriminals constantly refining and upping their efforts to target this data. While third party security is of course important, the question you should really be asking – but probably aren’t – is, “What security attestations do the organizations safeguarding your data have in place?” The time to focus on this issue is long overdue, and the truth is, if your technology partner hasn’t attained SOC 2 compliance itself, there is no way it can ensure that your data is safeguarded in an application or protected during employee access, leaving your information vulnerable and exposed – albeit unintentionally. However, SOC 2 Compliance provides an all-encompassing level of scrutiny that gives you the reliable peace of mind and assurance you want and need when it comes to the security and protection of your information.

So don’t be shy, and ask your technology partner if they have attained – or plan to attain – SOC 2 Compliance. If not, you’ll know that they aren’t doing everything they can to protect your data from cyber security threats.

You know how valuable your data is – why risk it?
