We’re proud to announce that Lewan has completed a third-party audit attesting to our achievement of the data security requirements of the Service Organization Controls (SOC 2) Type II and HIPAA Security and Breach Notification Requirements.
This is a notable achievement that few providers possess, and as a result many clients don’t know to look for these certifications when vetting a new managed services or managed security company.
First, I want to distinguish between the two types of SOC 2 reports: Type I and Type II.
Type I indicates that the policies of an organization were reviewed and meet the critical controls needed to pass the audit. Type II includes a review of the effectiveness of those critical controls. In other words, a Type II report shows not only that the appropriate policies are in place, but also that the organization can do what its policies say by effectively controlling the intended initiative.
At minimum, you want to work with a provider that has passed the Type I audit, but Type II is the true measure of a trusted managed services or managed security provider.
A Type II attestation consists of a thorough examination of an organization’s internal practices and controls (policies) over a 6-month period. This exam period could be longer, but 6 months to a year is the normal time period chosen for examination. The audit is performed by a certified third party that follows stringent requirements set forth by the American Institute of CPAs (AICPA).
When trusting a managed service provider with sensitive and confidential information such as passwords, documents, secure images, et cetera, you want them to have obtained a high-level attestation like the SOC 2 Type II to show they have the architecture, policies, procedures and guidelines in place to support your needs in a secure manner.
To achieve a SOC 2 Type II attestation from a certified AICPA auditor the following areas of a managed service provider’s policies and practices are reviewed, audited and attested to:
In addition to the SOC 2 types, if you are in the healthcare industry, there is a HIPAA component that you will also want your provider to possess. HIPAA is designed to provide privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
Lewan has achieved a SOC 2 Type II and HIPAA attestation from Linford & Company LLP. We want to assure our clients up front that we are providing them with the highest standard of security for their data and systems, and save them the investment of vetting us at their own cost.
We provide a 24x7 Security Operations Center (SOC) that clients can leverage in addition to our managed services Network Operations Center (NOC). These services can be utilized separately or together based on your needs.