We are happy to announce that our company, Infinx Healthcare, has passed its System and Organization Controls 2 (SOC 2) audit.
A SOC 2 audit is an independent examination, performed by a licensed CPA firm, of the controls a service organization uses to protect the data it handles for its clients. Our SOC 2 results give our clients independent assurance that Infinx is a secure and private place to send and store their data.
SOC 2: What Is It And Why Does It Matter?
SOC 2 is a voluntary attestation standard developed by the American Institute of Certified Public Accountants (AICPA). Service organizations that handle customer data adopt it to demonstrate that their controls protect that data.
Our operations team initiated the SOC 2 audit to verify that our organization manages data in a way that protects our clients' interests and privacy and prevents unauthorized use of customer information.
To comply with SOC 2, we were required to demonstrate that our controls meet the five Trust Services Criteria, often called the five trust principles: (1) security, (2) availability, (3) processing integrity, (4) confidentiality and (5) privacy. Security is the mandatory baseline of every SOC 2 audit; the other four criteria are included according to the scope of the engagement, and our audit addressed all five.
How Does Infinx Healthcare Incorporate SOC 2’s 5 Principles Of Trust?
These five criteria are the foundation of SOC 2 compliance. Read on for more detail on how we meet each of them.
Security
Customer data sits behind firewalls, and access to it requires two-factor authentication. In line with SOC 2 requirements, we use layered security controls rather than relying on any single safeguard to protect our customers' sensitive data.
Physical Safeguards
- All Infinx facilities are physically secured by security guards, who control entry to the buildings where client PHI is stored.
- 24/7 CCTV monitoring is in place, with footage retained for 30 days.
- Devices brought into our buildings are monitored.
- Hard disks and other physical media are securely disposed of once they are no longer in use.
Technical Safeguards
- Our IT department uses the following tools to support security:
a. QualysGuard vulnerability and patch management
b. Cymulate breach and attack simulation
c. Privileged access management (PAM)
d. Microsoft 365 mail transport rules
e. Citrix Secure Internet Access (SIA)
f. Data loss prevention (DLP)
g. Nessus (vulnerability scanning)
h. Nmap (network scanning)
i. CrowdStrike (endpoint protection)
j. PowerShell (administration and automation)
k. Wireshark (network traffic analysis)
- We have implemented system access controls that limit who can access client data, helping to protect our clients' PHI.
- We have a dedicated Managed Detection and Response (MDR) partner for real-time monitoring, detection and prevention of cyber threats.
- Our MDR partner's Security Operations Center (SOC) uses Security Information and Event Management (SIEM) technology to aggregate log data and security alerts from across our systems and monitors our information security environment 24/7/365. This allows them to detect and respond in real time to potential threats such as unauthorized access or data breaches.
- We encrypt files so that unauthorized individuals who obtain them without the decryption key see only unreadable ciphertext.
- Infinx runs a vulnerability management program that identifies risks and drives prevention and remediation plans.
- Malware prevention protects devices within the Infinx environment.
- Email security controls protect our communications.
- Data backups are taken daily so that recovery is possible when needed.
Privacy
We require two-factor authentication for all remote work environments, email accounts and sysadmin accounts. We have also updated our training requirements to align with SOC 2. Our compliance team conducts security awareness training that keeps staff current with, and vigilant about, our security procedures.
Confidentiality
We use encryption to transform information from plaintext into ciphertext. Unlike simple encoding, which anyone can reverse, encryption can only be undone by authorized parties holding the decryption key, so only they can recover the plaintext.
We also use facility access controls to restrict who can enter our data facilities.
Processing Integrity
Our systems comply with the SOC 2 processing integrity criterion, which requires that system processing be complete, valid, accurate, timely and authorized. Our processing systems ensure that all client information is processed accurately and that errors are detected and corrected quickly. Data backups are taken daily and weekly, so processing can continue in the event of an interruption.
Availability
We ensure system availability through performance monitoring. We have a disaster recovery team to respond to disasters efficiently and effectively, and we have established security incident management procedures that set out what is to be done in an emergency.
What Does Passing The Audit Mean For Our Clients?
Our SOC 2 audit means our clients can be assured that their data is safe with us. Access controls impose technical and physical restrictions on our assets and prevent unauthorized access to customer data, protecting against breaches of confidentiality.
We also operate change management processes that prevent unauthorized changes to the company's IT systems, and risk management methods that identify risks and address them before they can lead to a significant breach.
Infinx Is A Safe Place To Send And Store Your Data
Our SOC 2 compliance means you can rely on information security practices that have been independently verified. We are well equipped to defend against cyber attacks and to prevent breaches of confidentiality and security.
It is our priority to keep our customers’ data secure and confidential. Our adherence to SOC 2 standards of compliance reinforces our commitment to putting our clients’ information security needs first.
If you would like to request a copy of our Information Security And Compliance Posture guide, please contact us here or reach out to your customer success manager.