Today we have great news to share! Definitive Healthcare is now SOC 2 Type 1 compliant.
This achievement is another milestone in our ongoing commitment to protect our clients’ sensitive data, adhere to the highest industry standards for security controls, and reduce the risk of costly data breaches that can impact our customers’ businesses.
Read on to learn more about the SOC 2 attestation, what the auditors examine, and what it means for you and your company.
What is SOC 2 compliance?
SOC 2 (System and Organization Controls 2) is an attestation standard developed by the American Institute of Certified Public Accountants (AICPA). It defines a set of criteria, the Trust Services Criteria, that specify how a service organization should protect customer data against unauthorized access, security incidents, and data breaches. Strictly speaking, the outcome is an independent auditor’s report, not a certificate, which is why the term “SOC 2 report” is more precise than “SOC 2 certification.”
An independent CPA firm then evaluates the policies, procedures, and technical controls that safeguard data and other assets from bad actors and security threats. A Type 1 report assesses whether those controls are suitably designed at a point in time; a Type 2 report additionally tests whether they operated effectively over a review period. The audit is organized around five areas. Security is required in every SOC 2 report; the other four are included at the organization’s discretion:
- Security. The auditor evaluates how information and systems are protected against unauthorized access, unauthorized disclosure, and damage that could compromise their availability, integrity, confidentiality, or privacy. Controls in scope include multi-factor authentication, firewalls, encryption, and more.
- Availability. This criterion covers whether systems are available for operation and use as committed or agreed, both to employees within your organization and to customers. It also reviews an organization’s ability to maintain operational uptime, back up data, recover from disasters, and more.
- Processing integrity. Auditors look to see whether your data processing is complete, valid, accurate, timely, and authorized.
- Confidentiality. This area refers to the policies and controls that restrict access to, and disclosure of, information designated as confidential. This includes trade secrets and intellectual property as well as clients’ private information.
- Privacy. Auditors review how your organization collects, uses, retains, and discloses personal information, how well it communicates this to the individuals concerned, and what options they have to opt out of or limit the use of their data.
Why is SOC 2 compliance important?
To understand why achieving SOC 2 is important, all you have to do is look at recent headlines:
- Television provider Dish Network was hit by a ransomware attack in February that exposed confidential records and sensitive information belonging to current and former employees. Based on the notification letters sent to affected people, Dish Network likely paid the ransom: the letters stated that the extracted data had been deleted.
- In April, Toyota disclosed that a data breach on its cloud environment revealed the car location information of more than two million customers over a 10-year period.
- T-Mobile reported a threat actor stole the personal information of 37 million customer accounts in January. The company then suffered a second data breach a month later, which impacted 836 customers.
The healthcare industry fares no better. According to Definitive Healthcare data, there were 693 healthcare-related data breaches in 2022, exposing the private health information of more than 52 million people. Cyberattacks like ransomware can be severely harmful to patient care, resulting in longer lengths of stay, procedure delays, and increased complications and mortality rates.
What this means for our clients
Cybercrime is a growing threat to companies of all industries, making information and data security a top priority for everyone.
So, while obtaining a SOC 2 report is not a legal requirement for SaaS and cloud computing companies, it was the right step to take, and one that aligns with our goal to be a partner our clients trust as they navigate and compete in the healthcare market.
Definitive Healthcare has implemented a full compliance and risk management program to ensure that we continue to operate the controls covered by our SOC 2 report. These measures help us protect your data more effectively from data breaches and other threats that could impact your business. Our compliance and risk management program also allows us to be more transparent with you about the specific steps we take to keep your data secure.
Achieving Type 1 compliance is a big step, but we’re not finished yet. To further keep your data safe, we are actively pursuing a SOC 2 Type 2 report and expect to receive it by the end of 2023. Where a Type 1 report confirms that controls are suitably designed at a single point in time, a Type 2 report requires the auditor to test that those controls operated effectively over a review period, typically several months to a year. That is a higher bar: it demands sustained evidence of a working security program rather than a snapshot, so stay tuned!
For more information on our SOC 2 compliance, our privacy program, and how we currently store and secure our clients’ data, please reach out to your Customer Success Manager.