At SilverCloud Health, we understand the importance and sensitivity surrounding the protection of our client’s personal health and wellbeing data. Our platform was developed with security and confidentiality in mind, and we continue to pursue external validation of our security in order to build trust with our clients. Most recently, our information security team completed a SOC 2 + HITRUST examination, with the audit report finding no exceptions. Since 2013 we have held the ISO 27001 certification, and we consistently work alongside consultants and security testers to ensure our systems remain secure.
A System and Organization Controls (SOC) 2 report documents assessments performed by Certified Public Accountant (CPA) firms. SOC 2 reports are the most widely accepted form of security assessment reports for Software-as-a-Service (SaaS) organizations, like SilverCloud, globally. These reports assess the operational effectiveness and design of an organisation’s controls to meet the Trust Services Criteria.
HITRUST CSF is the leading security and organization framework aligned with specific requirements of the healthcare sector. HITRUST is a nonprofit whose goal is to help organizations manage and certify their compliance with information security controls and compliance reporting requirements. While there are both similarities and differences between the two reports, they are both intended to illustrate an organization’s security and privacy practices. If you’re interested in learning a little more about both examinations, check out this article discussing the SOC 2 + HITRUST process.
SilverCloud Health’s assessment process began with auditors gathering information about our product, technology, processes, security controls, and commitments to customers. We then developed a detailed description of our operations, components of the system, including people, procedures, and data; and our management and risk controls. The auditors assessed our control design and implementation against the SOC 2 security, availability, and confidentiality criteria, and the HITRUST security controls.
By navigating the SOC 2 + HITRUST assessment process and obtaining the report for SilverCloud Health’s platform, we provide a strong and independent evaluation by a third party for operational security controls that meet customer requirements. Our final report can be provided to the security teams of both current and future customers. Contact our team at security-team@silvercloudhealth.com to request our restricted-use SOC 2 + HITRUST report.