Shearwater Health Completes SOC Audits for 2017
In our commitment to secure our clients’ data and maintain the standard set by the American Institute of Certified Public Accountants (AICPA) for the Service Organization Control (SOC), Shearwater Health has successfully completed the SOC 1 Type 2 and SOC 2 Type 2 audit conducted by a third-party auditor, Coalfire*.
We are pleased to report 100% compliance in all areas that ensures the protection of our clients’ information and overall security of Shearwater’s infrastructure.
The SOC 1 Type 2 audit report covers our Information Technology General Control Systems for processing user entities’ transactions and the suitability of the design and operating effectiveness of our control objectives for a one-year period.
The SOC 2 Type 2 audit report covers our Information Technology General Control Systems based on the criteria set forth in paragraph 1.26 of the AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy for a one-year period.
We also took the extra measure to be audited for SOC 2 Type 2 mapped to HITRUST certification in our continued acceleration toward being HITRUST certified, which is a strong accomplishment in Information Security and Compliance.
Both reports indicated that controls existed without exceptions over a one-year test period.
“The positive SOC reports demonstrate our commitment to protect client data and continually increase our security standards,” said Darin McCloy, Director of IT & Security. “This audit and our plans for HITRUST certification make Shearwater one of the best offshore vendors available.”
*Coalfire is a leading Cyber Risk Management and Compliance Provider of IT advisory services for security in healthcare and other industries.