DocSpera—an intelligent surgical coordination platform between healthcare providers and medical devices—becomes the first such SaaS provider to achieve this certification
Today, DocSpera, a premier surgical coordination, healthcare data and image communication platform, announced today that it had completed the Service Organization Control (SOC) 2 Type II audit for its portfolio of cloud solutions. The Software company has received its SOC 2 Type II compliance certification from an independent service auditor, and this attestation demonstrates the company’s ongoing commitment to the highest standard of data protection and security.
SOC 2 Type II applies to any service provider or service organization that stores, processes, or transmits information. With information security playing an increasingly critical role in every aspect of its service delivery, Samuel Ethiopia, DocSpera’s co-founder and CEO, said, “we are excited to achieve this critical milestone in our company’s growth. This certification required a tremendous amount of effort from our entire growing team, but the workflow improvements our platform offers to our customers make this attestation more important than ever to tell our customers that we are serious about protecting them and their information.”
DocSpera is interoperable and partners with more than 30 EHRs and critical systems. It enables automated data capture and communication for specific use cases. We aspire to address healthcare professionals’ care collaboration challenges and increase physician and medical device collaboration through a secure communication platform and care coordination solutions.
SOC 2 information security standards are based on rigorous comprehensive third-party examinations (also known as audits) conducted by an independent AICPA accredited CPA firm. After a SOC 2 audit, the auditor renders an opinion in a SOC 2 Type II report, which describes the cloud service provider’s (CSP) system and assesses the fairness of the CSP’s description of its controls. It also evaluates whether the CSP’s controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period. Office 365 SOC 2 Type 2 reports are relevant to system Security, Availability, Processing Integrity, Confidentiality, and Privacy.
“SOC 2 requires a real commitment,” said Mr. Jon De Vries, DocSpera’s Head of Technology. “Undergoing this rigorous and continuous attestation process is well worth the effort, and demonstrates our comprehensive approach to assure our customers that our products and services align with the industry’s most rigorous security and privacy standards and our commitment to continuous improvement. Our partners and customers can feel confident that we are making every investment to establish and maintain the highest level of security and compliance.”
DocSpera is a fast-growing premier healthcare technology company. Its leading surgical coordination platform addresses every surgeon, ASC, and hospital’s clinical and strategic needs by automating care coordination and integrating real-time information to efficiently deploy the $30B+ spend in the surgical implantable supply market, accelerating the adoption of value-based care and supporting the future growth of surgical volumes.
DocSpera is interoperable and partners with over 30 EMRs and critical systems, enabling automated data capture from patients for its solutions.
SOC 2 Type II overview
System and Organization Controls (SOC) for Service Organizations are internal control reports created by the American Institute of Certified Public Accountants (AICPA). They’re intended to examine services provided by a service organization so that end users can assess and address the risk associated with an outsourced service.
A SOC 2 Type 2 attestation is performed under:
- SSAE No. 18, Attestation Standards: Clarification and Recodification, includes AT-C section 105, Concepts Common to All Attestation Engagements, and AT-C section 205, Examination Engagements (AICPA, Professional Standards).
- SOC 2 Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (AICPA Guide).
- TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, 2017 Trust Services Criteria).