Readiness assessment is essential for any organization and we know how to prepare it with minimal impact.
What is an SOC Assessment?
Healthcare organizations must prove the integrity of their control environment to ensure their patients and clients that they have taken every precaution to protect their PHI. Achieving an SOC (Service Organization Control) certification means that an independent Certified Public Accountant has examined the internal controls that you have put in place. SOC reports provide objective, trustworthy information about your organization’s controls, and helps you assess and address any potential risks through a set of Trust Principles:
- Security — The system is protected against unauthorized access, both physical and logical
- Availability — The system is available for operation and use as committed or agreed
- Processing Integrity — System processing is complete, accurate, timely, and authorized
- Confidentiality — Information designated as confidential is protected as committed or agreed
- Privacy — Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice, and with the criteria set forth in Generally Accepted Privacy Principles (GAPP)
A SOC report demonstrates to your customers and clients that you reliably protect sensitive data, have risk management processes in place, and gives you proof of compliance that all your controls have been verified by an independent 3rd party.
Why use Conduro?
A readiness assessment is essential for any healthcare organization, especially those who are new to the SOC Framework. Conduro has been on both sides of SOC assessments and we know how to prepare with minimal impact on your daily business.
The shear scope of considerations and policy documentation requirements for these assessments can be overwhelming. Conduro will help you determine which of the five Trust Principles — a few or all of them — to include for reporting.
The SOC framework, including SOC 1, SOC 2 and SOC 3, is also highly dependant on having documented information security and operational policies and procedures in place — it’s a big, and often overlooked component of regulatory compliance. Conduro will work with you to make sure all of your documentation is accurate and in place.
SOC 2 Readiness
SOC 2 compliance is gaining traction as more and more technology-oriented healthcare organizations adopt it as the primary framework for reporting on controls. SOC 2 is proving to outpace the much more well-known SOC 1 SSAE 16 standard. We have a strong technical and operational understanding of SOC 2, to make sure you are prepared for your independent audit.
Here’s How Conduro Helps
Conduro’s methodology is based on fact finding interviews, surveys, and questionnaires within the affected departments. Below is a brief description of each step of the process.