Verifiable is excited to share that as of March 2022 we are officially SOC 2 Type 2 compliant. We’re on a mission to drive efficiency, quality and compliance across the healthcare system by building a modern infrastructure for how provider networks are managed. That means security is always the highest priority for us. Achieving SOC 2 compliance is a milestone that will allow us to demonstrate our commitment to the security, availability, and confidentiality of the services we provide. Read on to learn more about SOC 2 certification.
What is SOC 2?
The AICPA (The American Institute of Certified Public Accountants) has developed an internationally recognized standard to ensure that companies are securely handling customer data. To meet the requirements for SOC 2 compliance, organizations must establish policies and procedures with adequate security controls in place and undergo annual independent third-party audits by experts who verify their efforts against these tough guidelines.
What is SOC Type 2?
SOC Type II certification is the most comprehensive level of SOC compliance. It covers the design, implementation, and operating effectiveness of security controls. To achieve SOC Type II certification, an organization must demonstrate that its security controls are effective in protecting against unauthorized access, use, disclosure, alteration, or destruction of information.
Why did Verifiable prioritize SOC?
We are, first and foremost, a data company and feel that adhering to the most stringent security standards should be a top priority. The healthcare industry is facing ever-increasing threats to the security and privacy of data. Government agencies are now more than ever enforcing mandated regulations, such as HIPAA and SOC compliance, to ensure data is protected. SOC certification is an important way for Verifiable to demonstrate our commitment to protecting our customers’ information. By building SOC compliant systems, we are helping our customers meet their compliance obligations and protect their patients’ data. We believe that Verifiable can play a significant role in improving the security of the healthcare system.
While many companies invest in SOC 2 compliance at a later stage, we prioritized it early on so you can confidently use Verifiable to reduce provider credentialing time and simplify critical operations. We believe in the power of our people and what we can achieve when they are committed to doing something well. That's why for us, SOC 2 compliance goes beyond the certification - it signifies an ongoing commitment towards operational excellence as well as data security so that your organization has peace of mind.
What did we do to achieve SOC 2 compliance?
Verifiable engaged an independent auditor, Prescient Assurance, to perform a SOC examination. The audit first assessed whether we had the right policies and processes in place, and if they were a fit for the purpose of our organization - this was how we achieved SOC 2 Type 1. Then came an observation window. The independent auditor observed us for a number of months to ensure that we were adequately following our processes and managing any risks and issues appropriately. The audit covered the design, implementation, and operating effectiveness of our security controls over our cloud-based hosting services and internally as a company. Our platform is used by healthcare providers and payers to manage provider networks and run automated credentialing at scale. The audit found that we met all the requirements for SOC Type 2 certification.
Now that we are SOC Type II certified, our team will continue to work hard to ensure the security and integrity of the services we provide. Moving forward, we will also undergo annual recertification and focus on additional compliance certifications to invest in our quality improvement and measurement standards. We thank our partners and customers for their support in achieving this milestone. If you have any questions about SOC certification or Verifiable, please don’t hesitate to reach out.