Mozzaz Completes SOC-2 Type II Compliance Audit for the 3rd Year Straight
Information security is a growing area of concern for many organizations as we move towards an increasingly digital world. Mishandled data leaves systems vulnerable to cyber-attack and malicious behavior such as data theft, extortion, or malware installation - the consequences of which are far-reaching.
Mozzaz is happy to announce that we have successfully completed our third annual SOC 2 Type II Compliance Audit with no stated exceptions. This accomplishment demonstrates our continued commitment to safeguarding organizational data for our clients and for our own business alike. In this blog, we’ll explain what a SOC 2 report is, what it covers, and what it means for the organizations we serve.
What is a SOC 2 Type II Report?
SOC 2 Type II is an auditing procedure which ensures that your providers securely manage data to protect both your own organizational interests and those of your clients. SOC 2 Type II compliance is based on a set of up to five trust service principles; Mozzaz was specifically evaluated on security, availability, and confidentiality.
Completing a SOC 2 examination through an accredited third-party auditor does not result in any certification. Instead, the resulting CPA’s report functions as a tool to help an organization communicate whether the internal controls they’ve put in place governing the security of customers’, partners’, and stakeholders’ data are properly designed, implemented, and maintained.
In simpler terms, a SOC 2 report gives current and potential stakeholders a way to assess risk by offering a closer look at the policies and procedures put in place to ensure the organization’s services are provided safely and reliably.
Why is SOC 2 Compliance Important?
While SOC 2 compliance isn’t a requirement, it is one of the many tools we leverage as part of our Mozzaz Trust Services to safeguard client data. Many of our enterprise healthcare clients such as CVS Health, Penn State Health, Tulane Medical Center, and Novant Health demand certified security and compliance controls. Thus, completing a SOC 2 audit demonstrates our commitment and confidence in our information security practices.
By providing our clients with defense against potential cyber-attacks and security breaches, we provide peace of mind knowing patient data is being handled with care and concern at all stages.
Who Can Perform a SOC Audit?
A SOC 2 Type II examination can only be issued by third-party auditors. The assessment indicates the extent to which the vendor complies with up to five trust principles, based on the systems and processes in place. The five trust principles are broken down below:
Security
The security principle speaks to the protection of system resources against unauthorized access, whether in the form of access controls, encryption, two-factor authentication, firewalls or intrusion detection. These come together to better protect against security breaches that may result in unauthorized access to organizational systems and data.
Availability
The availability principle refers to system accessibility as it relates to products or services and their contract or service level agreement (SLA). It specifically addresses security-related criteria that may affect availability such as performance monitoring, disaster recovery and incident handling.
Processing Integrity
The processing integrity principle speaks to whether or not the system achieves its intended purpose. The data must be complete, valid, accurate, timely and authorized. This principle includes monitoring of data and various quality assurance processes.
Confidentiality
Data is considered confidential when its disclosure is restricted to specified sets of persons or organizations. Examples include health-related data, intellectual property, internal price lists and other sensitive information types. Part of the toolset here includes access control, encryption, and network and application firewalls.
Privacy
The privacy principle speaks to the system’s collection, usage, retention, disclosure and disposal of personal information, and whether these conform with both the organization’s privacy policy and the overarching policies set by industry requirements. This is especially important for healthcare-related organizations, which are also required to comply with other regulations such as PHIPA and HIPAA.
As technology advances and digital solutions continue to solve real-world problems in healthcare, data protection should be at the forefront of decision-makers’ minds. The best time to invest in data security is before an issue happens.
SOC 2 compliance is one of the many standards Mozzaz holds itself to, alongside PHIPA and HIPAA, to ensure that all data is protected to the highest extent possible. As part of our Mozzaz Trust Services, organizations both large and small will undergo compliance and security assessments ensuring that technological advances don’t open gateways for nefarious actions. Additionally, Mozzaz will ensure that appropriate policies are in place for any potential challenges in the evolving cybersecurity landscape.
Where Can I Go for More Information?
Our auditing partner, BARR Advisory, has provided a detailed breakdown on how to read a SOC 2 report, including where to find the most important and relevant information for your situation. You can always contact Mozzaz directly for more information about our certifications and how we safeguard our clients’ data.