Committed to Surpassing HIPAA and GDPR Requirements to Ensure PHI Protection
A diligent commitment to security is required to do business in healthcare services. As a global enterprise, AQuity follows HIPAA and GDPR guidelines, with all staff, from the CEO to the front-line production team members, subject to annual security training. To ensure preparedness of our people, processes and infrastructure, AQuity annually completes ISO 27001 (ISO/IEC 27001:2013) and SOC 2 Type 2 Security Audits and is consistently confirmed with no Non-Conformance findings.
ISO 27001 is an international standard outlining best practices for an information security management system (ISMS). An ISMS is a set of policies and procedures for systematically managing sensitive data, and it applies the following principles to manage and protect business-critical information:
- Confidentiality – Ensures information is accessible only to those authorized to have access.
- Integrity – Safeguards the accuracy and completeness of information and processing methods.
- Availability – Ensures authorized users can access data and associated assets when required.
SOC 2 Type 2 engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, Reporting on Controls at a Service Organization, and are based on the trust service principles outlined in the AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. The SOC 2 Type 2 report provides an understanding of the suitability of the design of the service organization’s internal controls. Successful completion of this voluntary engagement demonstrates AQuity’s ongoing commitment to create, maintain, and operate a secure environment for its clients’ confidential data.
The company’s SOC 2 Type 2 testing includes examination over a 12-month period of their policies, procedures, and operations for network connectivity, firewall configurations, systems development life cycle, computer operations, logical access, data transmission, backup and disaster recovery, and other critical functional areas of their business. Upon completion of the audit, they received a Service Auditor’s Report demonstrating that their policies, procedures, infrastructure, and operations meet or exceed the stringent SOC 2 Type 2 criteria.
These certifications confirm AQuity’s Information Security Management System meets or exceeds industry best practices and that security controls are strictly adhered to in the delivery of all production services and across all locations where AQuity operates in the U.S., India, Canada, and Australia.