Formally known as Service Organization Control 2, SOC 2 is a crucial independent assessment of a business's structure to safeguard customer data. As a digital growth-oriented company that focuses on client security, StoriiCare proudly announces that we have implemented the necessary policies and controls to achieve SOC 2 compliance, the gold standard of data protection.
What is SOC 2?
A SOC 2 attestation is part of a rigorous auditing process developed by the American Institute of CPAs (AICPA) that tests an organization’s internal controls for data security - assessing how protected the organization is from information breaches and security risks.
The event marks an important achievement for StoriiCare after already being fully compliant with GDPR and HIPAA. Our clients trust StoriiCare to develop innovative solutions, and we've taken the step to further serve our customers by becoming SOC 2 Type 2 compliant.
When being audited, a SOC 2 report can be performed as Type I - which accesses the design of the system relevant to trust principles compliance - or Type II - an assessment performed over a six to twelve-month period to audit the system not only regarding the design and identification of internal controls but also to review if the company follows and executes them with distinction.
The SOC 2 Type 2 audit process is performed over a six to twelve-month period and is conducted by an independent audit firm. Conducted by a nationally recognized CPA firm registered with the Public Company Accounting Oversight Board, this attestation report affirms that StoriiCare’s information security practices, policies, procedures, and operations meet the rigorous SOC 2 Trust Service Criteria for security.
How does it impact StoriiCare?
StoriiCare is a digital EHR platform that has been working with clients across the spectrum of care since 2016. As we are used by a wide variety of care & support services, we offer a high level of customization and have designed our social-media like platform to be user-friendly and intuitive. As a cloud-based system, StoriiCare can be accessed on any type of mobile or desktop device via the browser or our dedicated apps.
StoriiCare partners with Drata to implement continuous automated control monitoring of internal security and compliance standards. With Drata, StoriiCare has real-time visibility across the organization to ensure the end-to-end security and compliance posture of our systems.
“We’re delighted to have achieved our SOC 2 Type 2 attestation. Data protection is core to our business at StoriiCare. As we expand into the Enterprise EHR space, this is a great confirmation that our security is deemed to be exceptional and meeting the standards outlined by AICPA, and we are happy to pass that confidence on to our clients. “ - Cameron Graham, StoriiCare Co-Founder & CEO.
Our platform is built for and with our clients - so it is essential that their needs are taken into consideration at every step of our development. We are proud to announce our SOC 2 Type 2 attestation and gladly welcome any care providers and interested parties to learn more about StoriiCare by booking a demonstration.