Since Greenspace was launched in 2015, privacy and security have been at the foundation of our work. We continually invest in security best practices to ensure that the data of our partner clinics and the people they serve stays safe and secure. As part of our commitment, Greenspace undergoes an annual SOC 2 Type 2 assessment to validate and ensure that our data security processes and protocols exceed the highest standards. We are happy to share that we have, once again, successfully completed our annual SOC 2 Type 2 examination and will continue our efforts to ensure we offer best-in-class privacy and security.
What is a SOC 2 Type 2 report and what does it mean for Greenspace and our partners? Keep reading as we share some insight into the assessment process, what it examines, and why the report matters to our partners.
What is the SOC 2 report?
While the SOC 1 pertains to financial reporting, a SOC 2 Report addresses risks associated with the handling and access of data, and can be leveraged by a variety of organizations of any size. Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate the identified risks to the different areas across an organization.
Our SOC 2 examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 4,000 global organizations to help mitigate cybersecurity risks. The SOC 2 Audit Testing Framework is based on the Trust Services Criteria (TSC), which are used to identify various risks an organization should consider addressing. Based on the TSCs in-scope for each particular organization, a third-party compliance and audit firm (in our case, A-LIGN) evaluates whether the organization has the appropriate policies, procedures, and controls in place to manage the identified risks effectively.
A SOC 2 report highlights the controls in place that protect and secure an organization’s system or services used by its customers. In order to pass a SOC 2 examination and receive a letter of attestation, an organization must address and have evidence of effective controls in areas such as information security, access control, vendor management, system backup, business continuity, disaster relief, and more.
Greenspace works with hundreds of clinics, hospitals, organizations, and health systems to measure client outcomes and ultimately improve care. Many of our partners choose to trust Greenspace because we regularly complete our SOC 2 Type 2 examination, demonstrating our enhanced information security practices.
Know your data is safe and secure with Greenspace
Greenspace will make the SOC 2 Type 2 report available to current or potential partners working with us to implement our Measurement-Based Care, Intake, or Population Health Platforms. We are always committed to working with your organization and IT teams to ensure you can remain confident in knowing that your clinical data is secure with Greenspace. To learn more about our privacy and security policies and processes, visit our Privacy & Security page or reach out anytime at info@greenspacehealth.com.
