SOC compliance is a term our industry is used to hearing, but one that can cause confusion for many of us who don’t know exactly what it means or why it’s so important.
We’re breaking down everything you need to know – and nothing you don’t.
What does SOC stand for?
SOC stands for Service Organization Control. There are a few different types of SOC reports – simply put, SOC 1 deals with financial information and SOC 2 deals with non-financial information. Specifically, SOC 2 gives information service providers (like software companies) a way to verify their controls for protecting and securing data, as well as making sure it’s accessible.
Why should you care about SOC 2 compliance?
Becoming certified is a rigorous process wherein a third-party CPA firm conducts a SOC 2 audit of a company’s availability, security, privacy, confidentiality and system integrity controls (otherwise known as Statement on Standards for Attestation Engagements, or SSAE). Translation? Your software vendor gets put through the wringer, and you get peace of mind knowing they came out on the compliant side.
This is crucial for companies (i.e. your software vendor) that handle protected health information (PHI) and are therefore subject to patient-protection laws, like HIPAA. It’s equally crucial for companies whose customers (i.e. you) depend on them to run their business.
Can it get any better?
In addition to good ol’ reliability, SOC 2 certification assures your super smart IT engineers that a software vendor will meet their compliance or IT governance requirements, which makes the evaluation process much less nails-on-a-chalkboard-esque. If your therapy company or homecare agency is part of a publicly traded corporation, SOC certification offers a way for outside parties to perform due diligence of a vendor’s services – oh, and it’s a requirement for doing business.
What should you do?
It’s simple. Only partner with software vendors that are SOC 2 compliant! They’ll spend time worrying about your data, so all you have to worry about is restoring vitality to those stellar patients you’re treating.