In the face of increasingly sophisticated and more frequent cyberattacks that threaten the sensitive data of all healthcare providers, vRad is continuously advancing our systems to predict, prevent, and respond to these threats. The latest milestone in our commitment to safeguard patient information and other sensitive data is our achievement of SOC 2 Type II compliance.
System and Organization Controls (SOC) reporting is one of the best and most widely used methods of demonstrating adherence to effective information technology controls. While SOC 1 focuses on controls relevant to financial reporting, SOC 2 is for service providers that store, process, or transmit any kind of protected information. SOC 2 compliance requires evidence that systems are secure and can cover up to four additional “trust services criteria”— availability, processing integrity, confidentiality, and privacy. vRad’s audit focused on security and availability.
SOC 2 Type II is a known and trusted framework used by security experts of major service providers across all sectors, including healthcare. Audits are conducted by an independent third party over an extended period time—up to 12 months—which avoids blind-spots that could be introduced in a single, snapshot audit. The extended audit approach of SOC 2 Type II allows us to demonstrate that key elements of our security program—process monitoring, encryption control, intrusion detection, user access, and disaster recovery—operate effectively over the long term. Maintaining a high level of security is integral to our operation and continued success in protecting data and building trust.
Vigilance in cybersecurity is ongoing at vRad. Achieving SOC 2 Type II compliance is one more milestone in our continuous commitment to our clients and patients of protecting all systems and data.
If you have any questions about our SOC 2 Type II certification, please contact your account manager or submit the “Contact Us” form and we’ll be in touch right away.