top of page

FrontRunnerHC Successfully Completes Another SOC 2 Assessment to Further Data Security

lbaker239


Soc 2 Assessment

The examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 4,000 global organizations to help mitigate cybersecurity risks. "Data security is fundamental in healthcare, where managing sensitive patient information demands the highest standards of protection,” shares CEO, John (JD) Donnelly, “It’s a priority for us to uphold these standards, reinforcing our commitment to secure data handling and client trust. Earning our SOC 2 report validates this commitment, showing our dedication to mitigating cybersecurity threats and meeting the rigorous compliance standards that healthcare demands.”

 

What is a SOC 2 report and what does it mean for FrontRunnerHC?  In this article, we will walk you through the ins and outs of a SOC 2 report and how the report symbolizes our commitment to data security.

 

What is SOC 2 report? 

A SOC 2 report  addresses risks associated with the handling and access of data, and can be used by a variety of organizations of any size (e.g. SaaS, colocation, data hosting, etc.) Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate the identified risks to the different parts of an organization.


The SOC 2 audit testing framework is based off of the Trust Services Criteria (TSC), which are used to identify various risks (points of focus) an organization should consider addressing. Based on the TSCs the organization selects to be in-scope, the third-party compliance and audit firm (in our case, A-LIGN) evaluates whether the organization has the appropriate policies, procedures and controls in place to manage the identified risks effectively.


There are five Trust Services Criteria available for SOC 2 reporting. The first criterion, Security, is mandatory and commonly referred to as the “Common Criteria.” The remaining criteria are optional. For our SOC 2 report, we include the following:


1.  Security (required)

2. Availability (optional)

3. Confidentiality (optional)


In order to pass a SOC 2 examination and receive a letter of attestation successfully, it means an organization is addressing controls in areas such as information security, access control, vendor management, system backup, business continuity and disaster relief, and more.  


Who should get a SOC 2 Examination?

Organizations of all sizes and industries can benefit from a SOC 2 Examination, as the audit can be performed for any organization that provides a variety of services to its customers. A SOC 2 report highlights the controls in place that protect and secure an organization’s system or services used by its customers. The scope of a SOC 2 Examination extends beyond the systems that have a financial impact, reaching all systems and tools used in support of the organization’s system or services.


Why do I need a SOC 2?

Today, many organizations outsource their business operations and services to third-party vendors, possibly putting client data at risk.  For this reason, organizations request that their vendors achieve SOC 2 compliance to demonstrate rigorous IT security standards.  Some additional reasons to consider a SOC 2 report for your organization include:


1.   Clients will most likely request a SOC 2 sooner or later. 

2.  SOC 2 can bring a competitive advantage to your business.

3.  Enhanced information security practice.

4.  SOC 2 helps you gain customer trust.

5.  Ensure your employees understand best practices.


Know your data is safe and secure with FrontRunnerHC

FrontRunnerHC will make the SOC 2 report available to current or potential customers upon execution of a non-disclosure agreement.  We hope the steps we have taken help you and your IT teams remain confident in knowing that your data is secure with FrontRunnerHC.  To learn more about our security policies and initiatives, please contact information@frhc.com.

 

About FrontRunnerHC 

FrontRunnerHC is a data automation platform that helps healthcare organizations maximize reimbursement and enhance the patients’ experience through access to accurate patient insurance, demographic, and financial information. FrontRunnerHC finds, verifies, and fixes patient information at any point during the care journey, leveraging its access to the largest payer network in the industry. Defining the patient experience as the clinical journey + the financial journey™, FrontRunnerHC helps improve financial performance, operational efficiency, and patient satisfaction. Learn more at www.frontrunnerhc.com

 

About A-LIGN

A-LIGN is the only end-to-end cybersecurity compliance solutions provider with readiness to report compliance automation software paired with professional audit services, trusted by more than 4,000 global organizations to help mitigate cybersecurity risks. A-LIGN uniquely delivers a single-provider holistic approach as a licensed CPA firm to SOC 1 and SOC 2 Audit services, accredited ISO 27001, ISO 27701 and ISO 22301 Certification Body, HITRUST CSF Assessor firm, accredited FedRAMP 3PAO, authorized CMMC C3PAO, PCI Qualified Security Assessor Company, and PCI SSC registered Secure Software Assessor Company. Working with growing businesses to global enterprises, A-LIGN’s experts and its compliance automation platform, A-SCEND, are transforming the compliance experience. For more information, visit www.A-LIGN.com.


Comentários


bottom of page