Information or data is a vital asset, like other important business assets, has greater value to an organization and consequently needs to be suitably and adequately protected. “Information Security Management System” (a.k.a ISMS) is an overall compliance management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security. ISO/IEC 27001 is an auditable international standard which defines the requirements for an Information Security Management System (ISMS) We at HealthDox, certified consultants having an extensive experience in various business process and segments will provide you suitable solution to handle the risks.

SOC 2 reporting standard was created by the AICPA to fill the gap for organizations that were being requested to have a SAS 70 (now SSAE 18) .A SOC report is mandatory to all the organizations who are serving to united states entities. A SOC 2 report is an engagement performed under the AT section 101 and is based on the AICPA defined Trust Services Principles, Criteria and Illustrations. This report will have the same options as the SSAE 18 report where a service organization can decide to go under a Type I or Type II audit. The purpose of SOC 2 report is to evaluate an organization’s operational compliance relevant to security, availability, processing integrity, confidentiality or privacy.