SOC stands for System and Organizational Controls and is a framework developed by the American Institute of Certified Public Accountants (AICPA) to provide regular, independent attestation and verification of the controls that a company has implemented to mitigate information-related and data-related risk.
SOC2 reports have two versions: Type I and Type II.
Type I captures the protections and controls of a business at a single point in time, allowing for verification of policies and systems.
Type II tracks and monitors these protections and controls over a period of time, verifying not only the policies and systems but also that they are used according to policy during day-to-day activities.
Achieving our SOC2 Type II compliance means that we are following through on our dedication to continue to safeguard our clients’ data, as well as our own data.
The SOC2 report is the standard bearer for cybersecurity attestation. A SOC2-compliant business is awarded a badge when a third-party auditor verifies that it implements proper physical, technical, and administrative protections to secure its infrastructure and information.
With our auditor’s attestation of our SOC2 Type II compliance, we display the AICPA SOC badge on our website, proud to have earned this badge reflecting our commitment to our clients and our understanding of the importance of ensuring safety and security in data storage and management.
In a SOC 2 Type II audit, the business undergoes an examination of the policies, procedures, and systems it has in place to protect information across five distinct categories referred to as “Trust Services Criteria.” Each is described below.
The auditor requests evidence submissions from certain days and times over the course of the audit period (minimum three months) and then reviews this evidence to determine whether or not the business has satisfied the criteria.
Security: Controls that protect against unauthorized access or damage to systems as well as unauthorized disclosure of confidential or proprietary information. Examples of these criteria include endpoint protection and network monitoring.
Availability: Controls that ensure systems operations and availability at a level that meets stated business objectives. Examples of these criteria include performance monitoring and disaster recovery solutions and policies.
Processing Integrity: Controls that ensure systems perform in a predictable, efficient, and error-free manner. Examples of these criteria include software development lifecycle management and quality assurance procedures.
Confidentiality: Controls that protect confidential information throughout its lifecycle from initial ingestion to processing and finally to disposal. Examples of these criteria include encryption policies and identity and access management solutions.
Privacy: Controls specific to protecting personal information, especially that which is captured and collected from customers or clients. Examples of these criteria include privacy policies and client consent management.
pulseData uses data to provide visibility into the impact and cost of kidney care in your population.
By using your data to predict which patients are at risk for Chronic Kidney Disease and End Stage Renal Disease, we can improve health outcomes and save on spend.
To do this, our solution must impact the care lifecycle, from data to delivery.
Analyze health records for the member cohort across claims, EHR, labs, meds, notes, etc.
Identify the at-risk population with the highest CKD/ESRD risks and individual factor weights
Communicate and coordinate workflows and encounters with patient and provider consent (RN, MD, NP, SW)
Informed kidney care decision support, centered around improved outcomes and quality of life