Artera Achieves SOC 2 Type II Security Compliance Certification

By Romeo - Security Compliance Lead

Artera x SOC 2

As part of our commitment to cybersecurity, we are proud to announce that Artera is now SOC 2 Type II certified, alongside HIPAA security compliance.

Artera took steps to get certified for SOC 2 Type II, a valuable addition that would ensure that our organization’s control and security of confidential data are on par with what is required by the AICPA’s Trust Services Criteria.

SOC 2’s Importance

When a company or organization meets the requirements for SOC 2 compliance, it shows that they maintain a high level of information security.

Once compliant with SOC 2, organizations can defend themselves better against cyber attacks to prevent breaches. Since cloud storage is becoming the most preferred method of storage, SOC 2 compliance is a must-have.

What is SOC 2?

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is designed specifically for providers who store data in a cloud. Companies must meet the SOC 2 requirements in order to reduce and minimize the risk of exposing their data.

To be certified for SOC 2, Artera must comply with the five trust principles: security, availability, processing integrity, confidentiality, and privacy.

The Trust Principles

  • Security: Bare necessities such as appropriate firewalls, two-factor authentication or multi-factor authentication, and intrusion detection. The system must also be protected from any unauthorized attacks on the protected data.
  • Availability: The service must be maintained and needs to be properly controlled for operations, monitoring, and maintenance.
  • Processing Integrity: Proving that data is accurately delivered on time, making sure that the process is free of errors or delays.
  • Confidentiality: There needs to be a sufficient handle on confidential files such as IP content or ePHI. Practices such as encryption, firewalls, and limiting access to files must be ensured.
  • Privacy: A privacy policy set by the company must be consistent with proper procedures. Data must be processed under these and the AICPA’s policies.

The SOC 2 Type II Audit

The audit report is designed to assure the organization’s clients, management, and entities of the effectiveness of the organization’s control on each trust principle. The audits take place every year at Artera to ensure robust compliance for as long as Artera services are up and running.

We worked with Vanta to help define our controls and ensure they were operating effectively, and worked with Johanson Group as the CPA firm that performed our audit.

To view Artera’s SOC 2 Type II report, please reach out to us at security@artera.ai.