One of the earliest tasks that Cloud Service Providers, 3PAOs, and state agencies complete are determining the security levels required to protect data in a cloud environment. FedRAMP uses federal standards and documentation to outline Impact Levels based on the importance of the data. StateRAMP follows suit by defining Impact Categories based on FedRAMP.
Introduced in 2011, Service Organization Control (SOC) reports are becoming more and more popular in data security and compliance discussions with every passing year, especially SOC 2. But what is a SOC report? Which one do you need? Why is a SOC 2 report so important?
There are three types of SOC reports, which are “designed for the growing number of technology and cloud computing entities that are becoming very common in the world of service organizations,” according to ssae16.org. If a SOC 1 report handles the financial transactions a company makes, SOC 2 reports on the security behind those financial transactions, making it more relevant than ever in the growing wake of credit card fraud and data breaches.
One of the many changes brought by the COVID-19 pandemic may be the permanent expansion of telehealth. According to a recent study, the US telehealth market is expected to witness an 80% year-over-year growth in 2020. Numerous video communications services exist, not all provide sufficient privacy and security to facilitate the provision of health care (and HIPAA compliance). While the Office for Civil Rights (OCR) of the United States Department of Health and Human Services (HHS), the division charged with enforcing HIPAA, has provided some flexibility during the pandemic, at some point, it is reasonable to assume that OCR will again raise standards.