Abstract

At Siftwell, we are committed to the highest standards of security, privacy, and compliance. That’s why we are excited to announce that Siftwell has achieved SOC 2 Type I certification.

Author: Chuck Hollowell

What is SOC 2?

SOC 2 (System and Organization Controls) is a framework developed by the American Institute of Certified Public Accountants (AICPA) to provide regular, independent attestation and verification of the controls that a company has implemented to mitigate data-related risk.

Achieving SOC 2 Type I certification means that an independent third-party auditing firm has assessed and validated our controls and processes and determined that they meet the high standards set by the SOC 2 framework.

What does this mean for our clients?

We understand that our clients trust us with sensitive and confidential data, and we take that responsibility very seriously. Achieving SOC 2 Type I certification means that we are following through on our dedication to safeguarding our clients’ data.

What’s next?

While we are proud of this key milestone, we will continue to ensure that our information security practices meet the highest standards in the industry. Accordingly, we have recently kicked off the process to document and validate our compliance with the HITRUST Common Security Framework (CSF). The HITRUST CSF is a comprehensive set of security and privacy requirements based on nearly 40 authoritative regulations and standards, including HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), NIST (National Institute of Standards and Technology), PCI (Payment Card Industry), GDPR (General Data Protection Regulation), and the CCPA (California Consumer Privacy Act).