
Update 3/4/24: Zus Health is excited to announce that we have passed our SOC 2 audit for the 2023 calendar year and continue to sustain our compliance.

Zus is pleased to announce that we have obtained a System and Organization Controls (SOC) 2 Type II report with an unqualified opinion from the CPA firm Dansa D’Arata Soucia (DDS). We take information security seriously, and as a platform for healthcare data we recognize the weight of the trust placed in us by our customers and their patients. For over a year we have worked to harden our systems, security, procedures, and policies to exceed a very high bar of compliance, and we are proud to offer this report as a testament to that commitment. In CPA jargon, ‘unqualified’ means that DDS found our controls to be suitably designed and operating effectively against the SOC 2 Trust Services Criteria, with no exceptions noted.

SOC 2

Defined by the American Institute of CPAs (AICPA), the SOC 2 report allows Zus to give our customers audited assurance that we are effective stewards of their patient data. SOC 2 controls are grouped under five Trust Services Criteria categories: Security, Availability, Confidentiality, Processing Integrity, and Privacy. Security is the mandatory category; the other four are included at the service organization’s election. The report reflects an independent audit of Zus’s technical controls as well as our organization’s policies and procedures. Strictly speaking, SOC 2 is an attestation report issued by a CPA firm rather than a certification, which is why it is shared with customers on request rather than displayed as a badge.

Zus had previously passed a Type I audit on August 16, 2022. A Type I report assesses whether the controls under each Trust Services Criteria category are suitably designed at a single point in time. A Type II report covers an observation period, typically several months, during which the auditor tests that those same controls actually operated effectively throughout the period, not just that they existed on paper.

Secure in the Cloud

As a cloud-native company, Zus is able to iterate on and deploy application features quickly. To keep that pace from eroding our security posture, Zus has incorporated a suite of supporting technologies that enforce our own data policies and maintain system security as part of the normal delivery workflow. Our infrastructure, applications, and day-to-day operations meet HIPAA Security Rule requirements.

For SOC 2, Zus relies on automated scans, checks, alarms, metrics, and configuration enforcement to meet its controls, so that evidence of each control operating is produced continuously rather than assembled by hand at audit time. In the context of our cloud infrastructure, some examples of the areas these controls cover include (but are not limited to):

  • Encryption of data in transit
  • Fault tolerance
  • Dependency vulnerability monitoring
  • Common web vulnerability testing

See the Zus blog for any additional news we may share regarding our security posture.

Continual Improvement

This is not crossing a finish line; in fact, we regard it as another start. At Zus, we have grand goals and ambitions for the Zus Aggregated Profile (ZAP), and we will continue to work on assuring our customers and their patients that healthcare data is stewarded and protected in a secure, safe, and responsible manner.

The Zus SOC 2 Type II report is available on request, or if you would like to learn more about Zus please contact us.

Now let’s help you build up with the ZAP.