Major companies with significant data operations can’t risk using third-party vendors that aren’t rigorous in following best practices for data management and security. Working with a vendor that is not SOC 2 compliant only creates opportunities to put data at risk.
GrayHair recently completed its SOC 2 compliance testing with HITRUST mapping, and our next annual audit is already underway. We’ve been SOC 2 certified for more than five consecutive years.
“GrayHair is taking a proactive approach to data security and compliance in completing a SOC 2 audit and HITRUST controls mapping,” said Dixon Wright, Managing Principal SOC & ISO Practices, Coalfire Systems, Inc. “As a service provider to their clients, GrayHair can now confidently provide clients an independent report on their security controls posture for IT.”
SOC 2 stands for Service Organization Control 2. It is an annual, in-depth security audit performed by an independent, accredited third party, and it examines the security policies and processes in place at data centers and physical locations. It typically takes 3-4 months from audit to compliance approval.
Says GrayHair’s Linda Green, Senior Director of Risk Management and Compliance:
“We’re a company with an aggressive, best-practice approach to data security, and are committed to achieving SOC 2 compliance. This year, we’re pleased to announce that we added HITRUST mapping to our SOC 2 as an extra layer of security for our HIPAA clients.
“We are audited on an annual basis for security compliance by many of our Fortune clients, and our independent SOC 2 compliance testing is vital to the success of our relationships.”
Whenever companies are working with vendors, it’s certainly prudent to look for a SOC 2 report on their website, or to inquire if they’re SOC 2 compliant.