Since the company was founded, RamSoft has been committed to establishing and following industry best practices to secure their customer data. As part of its commitment to protecting customer data, the healthcare IT company completed a SOC 2 Type II audit. After just one attempt, RamSoft achieved SOC 2 Type II certification for their PowerServer™ Cloud environment hosted in Microsoft Azure. RamSoft received a clean report with no negative exceptions for any of their controls. The audit was performed by A-LIGN Assurance, an independent service auditor.
The System and Organization Controls (SOC) framework is the industry-leading and internationally accepted standard of controls when assessing whether cloud service providers have established and are following procedures to ensure security and confidentially within their platform.
“SOC certification reaffirms RamSoft’s commitment to protecting the integrity and privacy of our customers and their patients. Obtaining the certification on our first attempt demonstrates the importance that our teams have given to information security,” said Siva Ramanathan, Chief Technology Officer at RamSoft.
The criteria that comprise a SOC 2 report are security, availability, and confidentiality. In order to meet SOC 2 Type II compliance, companies must have controls in place that protect customer data from fraud, intrusions, and other unauthorized activities.
Ensuring the security of data is crucial, especially for healthcare practices. RamSoft’s SOC 2 Type II certification demonstrates that the company’s key compliance controls and objectives are in place throughout the landscape of its cloud platform.
“As opposed to taking a company’s word that they are compliant to standards, an independent third-party auditor tests and proves these controls which gives more weight and validity to the company’s claims. With an official report developed by an independent party, customers can have confidence when doing business with an organization that they are indeed safeguarding their data,” said Oscar Santos, Information Security Officer at RamSoft.
While a customer can choose a vendor that does not have a SOC report, it is imperative to carefully evaluate each vendor of interest – especially if that vendor will be handling their sensitive data. “If the vendor in question interacts directly with confidential data, I would only proceed if they have undergone an audit of either SOC or a similar attestation,” said Santos.