Insights from Proteus
Research, Findings, Best Practices, and Humor
ProviderTrust recently achieved SOC 2 Type 1 compliance for its product and service offerings. ProviderTrust is the first Proteus partner company to achieve SOC 2 compliance for services built on Proteus Platform-based products.
SOC 2 compliance is defined by the American Institute of CPAs (AICPA). The purpose of a SOC 2 report is to evaluate an organization’s information systems that are relevant to security, availability, processing integrity, confidentiality or privacy.
To complete the Type 1 report, ProviderTrust underwent an extensive on-site audit by an accounting firm to confirm the suitability and point-in-time implementation of security controls. The required security controls spanned a wide range of areas, including Disaster Recovery, Production Network Security, Office Network Security, Human Resources Policies, Software Development Process, and Change Management.
In addition, the auditors did a thorough review of all aspects of the security controls, creating a record showing each security control is in place.
Proteus-Sys, which is the part of the Proteus Platform responsible for systematizing management of server environments, was particularly helpful in implementing and demonstrating many of the necessary controls.
ProviderTrust will also be completing a Type 2 report, which entails a thorough audit to verify that all the controls and associated processes were executed since the Type 1 report was completed.