Zus Health Completes Another SOC 2 Type II Audit

^{SOC logo provided by www.aicpa.org/soc4so.}

Update 3/11/25: Zus Health is excited to announce that we have completed our SOC2 type II audit for the 2024 calendar year and our updated report is now available on request.

Zus is pleased to announce that we have obtained a Service Organization Control (SOC) 2 Type II report with an unqualified opinion by the CPA firm Dansa D’Arata Soucia (DDS) for 2024. This demonstrates our commitment to information security and, as a platform for healthcare data, we fully understand the trust our customers and their patients place in us. In CPA jargon, the ‘unqualified’ means that our systems have demonstrated to be effective against the Trust Services Criteria of the SOC 2, without any noted exceptions by DDS.

SOC2

Defined by the American Institute of CPAs (AICPA), the SOC 2 report allows Zus to give our customers audited assurance that we are effective stewards of their patient data. Our SOC 2 report covers the security of the entire Zus Health platform and includes an independent audit and testing of Zus’s policies and procedures and technical controls. The report can be used to verify that we meet customer requirements across security, compliance, internal audit, procurement, and other governance needs.

Secure in the Cloud

As a cloud native company, Zus is able to iterate (and deploy) application features quickly. In conjunction, Zus has incorporated a suite of supporting technologies to ensure adherence to our own data policies and maintain system security. Our infrastructure, applications, and day-to-day operations meet HIPAA Security Rule requirements.

For SOC 2, Zus has automated scans, checks, alarms, metrics and configuration enforcement to meet controls. In the context of our cloud infrastructure, some examples of SOC 2 controls include (but are not limited to):

Data in Transit Encryption
Fault Tolerance
Dependency Vulnerability Monitoring
Common Web Vulnerability Tests

See the Zus blog for any additional news we may share regarding our security posture.

Continual Improvement

This is not crossing a finish line. We are continually reviewing, assessing and improving our security controls and posture. At Zus, we have grand goals and ambitions for the Zus Aggregated Profile (ZAP), and we will continue to work on ensuring our customers and their patients that their healthcare data is protected in a secure, safe, and responsible manner.

The Zus SOC 2 Type II report is available on request, or if you would like to learn more about Zus please contact us.

Now let’s help you build up with the ZAP.