ATHN SOC 2 Type II Compliance

At ATHN, we know the importance of data security and privacy, both for us and our ATHN Affiliates and other partners. We are proud to be SOC 2 Type II compliant in all five trust principles: security, availability, processing integrity, confidentiality, and privacy.

What is SOC 2?
System and Organization Controls (SOC) 2 is a voluntary compliance standard developed in 2010 by the American Institute of Certified Public Accountants (AICPA). It is used to assess how well a service organization manages customer data and protects it from unauthorized access and other vulnerabilities.

During the SOC 2 compliance process, ATHN partnered with an independent auditor who has verified that our technology and processes adhere to the highest standards of security and privacy as they relate to the SOC 2 Trust Service Criteria:

  • Security – Protecting systems and data from unauthorized access.
  • Availability – Making sure services and data are available as agreed.
  • Processing integrity – Ensuring the processing of data is complete, valid, accurate, timely, and authorized.
  • Confidentiality – Keeping sensitive information safe and sound.
  • Privacy – Protecting personal information as agreed or as required by law.

The ATHN audit included scoping, a gap analysis, and control testing. For Type II compliance, the auditors assessed the effectiveness of ATHN’s security controls during an observation period from July 1, 2023 to December 31, 2023.

Why is SOC 2 Type II compliance important for ATHN?
ATHN Affiliates and our partners in industry, government, and the community often operate in heavily regulated environments where data security and privacy are of utmost concern and importance. Our Type II compliance assures everyone working with ATHN that we prioritize data security and maintain strong internal controls to mitigate any risk of a data breach.

To receive Type II compliance, organizations must undergo a more rigorous evaluation process. Here’s a summary of the difference between Type I and Type II compliance:

  • Type I – Ensures an organization’s systems and controls are designed effectively to meet the applicable Trust Service Criteria at a specific point in time.
  • Type II – Examines an organization’s systems and controls and evaluates their effectiveness to meet the applicable Trust Service Criteria over a sustained period of time. Type II provides a more comprehensive assessment of how well the controls are operating and whether they are achieving their intended outcomes.

ATHN is serious about data security
Because of safety and privacy concerns, having a Type II designation is important when evaluating an organization’s security posture. ATHN is proud to be SOC 2 Type II compliant and pledges to continue to invest in best-in-class security and privacy practices to ensure all of the data in our secure ATHN Systems platform is protected.

A signed NDA must be in place to receive a copy of ATHN’s SOC 2 Type II compliance report; requests are subject to an approval process.