Streamline Verify Certified with SOC 2 Type II Certification!

Posted by Joe Stefansky on April 12, 2021 in Data Security,

Like you, Streamline Verify puts security first! In healthcare, data is sensitive and handling it properly is a pressing concern. That’s why we’re careful to implement cutting-edge systems and procedures that safeguard the transmission and storage of data. We make sure our company systems are annually audited and SOC 2 Type II certified. 

SOC 2 compliance certification remains the gold standard in assessing service provider performance against rigorous data security standards.  As an organization that is entrusted with its clients’ most sensitive information, this certification signifies the strong commitment to data security that is a hallmark of excellence in our field.

Why Seek a SOC 2 Type II Certification?

Information security is a concern for all organizations, particularly when key business operations, such as exclusion screening, are performed by third parties. With the proliferation of data breaches, malware use and hacks, there is understandable concern about how data sent outside an organization’s firewall is managed and controlled. A SOC 2 Type II certification proves to these organizations that a data service provider, like Streamline Verify, adheres to the most stringent safeguards to protect their clients’ data. 

What are SOC Reports?

The American Institute of Certified Public Accountants (AICPA) developed standards by which certified auditors assess data controls and related risks at service organizations.  The results of such audits are captured in a series of reports which are known as System and Organization Controls (or SOC) reports. These controls are specific standards used to measure how an organization protects and manages sensitive information through its internal safeguards and controls.   SOC audits are voluntary but serve to reassure security-conscious business clients that a service organization is serious about the protection of its data.

Types of SOC Reports

There are currently three types of SOC reports designed to address different topics and audiences.  All SOC certifications require an organization to demonstrate controls regulating their interactions with their clients and client data.

SOC 1: A SOC 1 report evaluates controls that are relevant to a service provider’s impact on its client’s internal control over financial reporting (ICOFR). This type of report either sets a baseline for a SOC 1 Type I, or assesses performance of controls over time (SOC 1, Type II).  If the service provider cannot impact their client’s IFCR, then a SOC 1 audit may not be beneficial.

SOC 2: This type of report is unique to each organization, designed to comply with one or more of the “Trust Services Criteria” set forth below.  SOC 2Type II certification is the most comprehensive within the SOC protocol, and assures clients through an objective assessment by a certified auditor that an organization’s system maintains the highest standards of operating effectiveness of data security controls. As this type of report would be valuable to a hacker or others interested in accessing the organization’s data, it is generally released to a limited audience.

Our SOC 2 audit allows for customization of the examination against the following standards, known as “Trust Services Criteria (TSC)”: 

1. Security: These standard addresses access controls to protect against unauthorized access (both physical and logical) of systems and data. Security controls assessed include physical security controls in place to protect infrastructure, password parameters, firewalls, and network device configuration and other security measures.

2. Privacy: The privacy standard is important when “personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives” in accordance with the privacy standards of the organization. This standard specifically addresses protection of personal identifiable information (PII) which allows for the identification of an individual and therefore differs from the confidentiality standard related to sensitive business information.

Conclusion

Obtaining a SOC 2 certification also offers benefits beyond providing an objective assessment by certified auditors whether data is being managed in a secure and reliable manner. It eliminates the audit expense to clients who would otherwise seek assurance individually that their data was being protected. Further, obtaining a SOC 2 report which can be shared with clients is a major incentive when considering the alternative of facing multiple audits that can significantly impact the regular operations of an organization.

At Streamline Verify, the annual SOC 2 Type II audits, including preparation for the audit itself, gives us all a renewed commitment to sustain our compliance with the highest standards of data security as well as to the expectations of our clients.

 

About Joe Stefansky

About Joe Stefansky

Joe Stefansky has a keen sense of business opportunities in complex problems, using technology to transform difficulty into efficiency. The CEO and founder of Streamline Verify specializes in solving compliance, legal and administrative issues through intuitively designed software that reduces costs and saves time.

Related Articles

The OIG Considers Discontinuing Publication of ...

February 14, 2022

The HHS Office of the Inspector General has just issued a notice that the OIG is considering whether to discontinue its publication of monthly supplements to the LEIE. They are soliciting public input...

LEIE’s Weakest Link: State Data

August 2, 2021

Federal exclusion requirements have been in place for years. However, in the last decade there have been significant legislative efforts to strengthen and extend Medicaid program integrity controls to...

How much does it cost to ...

January 21, 2015

How much does it cost to search the Social Security Death Master File?  Here is a quick overview of your options. Some corporations conduct regular DMF searches as good compliance protocol; others...

Understanding OIG Exclusions

OIG Exclusions Screening Process

Exclusion FAQS

Quick OIG Exclusion Basics

Employing Excluded Individuals

Consequences to Employing an Excluded Individual

OIG Compliance Law

Laws and Publications on OIG Compliance

More Compliance Resources

Our Culture Icon Small

Our Culture

We build the best, so you can perform at your best.

Trusted for Good Reason

  • ✓ Guaranteed accurate
  • ✓ Certified Secure
  • ✓ Audit Proof
  • ✓ Feature-rich reporting
  • ✓ Round the clock real-time-data
  • ✓ Processing fully automated

Security First

  • ✓ Cloud hosted
  • ✓ Encrypted data
  • ✓ Real-time backups

Trusted for Accuracy

  • ✓ Physical security
  • ✓ Restricted access
  • ✓ Single sign-on
  • ✓ Password security
  • ✓ Certified secure
  • ✓ Cross checking

HEALTHCARE ESTABLISHMENTS NATIONWIDE COUNT ON STREAMLINE VERIFY

5

60%

Average workload reduction by implementing the Streamline Verify program

5

10K

Establishments trust Streamline Verify nationwide

5

2011

Serving the healthcare industry’s unique compliance needs since 2011

5

24X

Setting standards with hourly synchronization to primary source data

AICP SOC Compliance Logo
HIPAA Compliance Logo