SOC 2 and HiTrust Compliance

SOC 2 and HiTrust Compliance

Today, we have signed to important compliance certification contracts that we thought might be of interest to you.  Precision Opinion will be taking the necessary steps to secure both SOC 2 Reports and HiTrust certification. Both have ongoing requirements, so not only do we plan to attain these reports/certifications as of a point in time, but on a perpetual basis as well.

We anticipate having SOC 2 completed by end of the summer (2020) and HiTrust within 8 months.

What is a SOC 2 report?

A SOC 2 report is intended to meet the needs of a broad range of users who need to understand internal control at a service organization as it relates to one or more of the American Institute of Certified Public Accountants’ (AICPA’s) Trust Services criteria of Security, Availability, Processing Integrity, Confidentiality or Privacy.

These reports are performed using the AICPA Guide: SOC 2® Reporting on an Examination of Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the organization and its internal controls.

What is HiTrust?

The HITRUST CSF is an overarching security framework that incorporates and leverages many existing security requirements that organizations must comply with, including requirements of federal (for example, HIPAA), state (for example, Massachusetts 201 CMR 17.00, Texas Health and Safety Code 181), third party (for example, PCI and COBIT), and other governmental agencies (for example, NIST, FTC, and CMS).

This is a great step into allowing Precision Opinion to enhance our data collection and insights capabilities moving forward. Would you like to know more about how these certifications can help us help you? Contact us today.