Advanced Metrics recently attained SOC 2 certification in recognition of steps taken to ensure data security and privacy. In this interview, Kate Gallagher, Chief Operating Officer at Advanced Metrics, explains why Advanced Metrics went through the SOC 2 certification process and what that means for its customers and business partners.
Question: What is SOC 2?
Kate: SOC stands for “system and organization controls.” It’s an auditing procedure that confirms we can securely manage data and protect the privacy of our customers and their clients. The certification procedure is administered by a third party based on five principles: privacy, security, availability, processing integrity, and confidentiality.
Q: What does it mean to be SOC 2 certified?
Kate: Being SOC 2 compliant assures customers and clients that Advanced Metrics has the infrastructure, tools, and processes in place to protect their information from unauthorized access, both from within and outside the company. We regularly monitor for malicious or unrecognized activity, document system configuration changes, monitoring user access levels – essentially, we have all the tools in place to recognize threats and take necessary action to protect data and systems from unauthorized access or use.
Q: Why is SOC 2 certification important?
Kate: Through our software solutions, Advanced Metrics is entrusted with sensitive customer data, including Private Health Information (PMI). Security and privacy are high priority for us, and we are committed to being good stewards of the data entered into our systems. We hope our SOC 2 certification gives our customers confidence in knowing that they are working with a partner with robust procedures and controls for safeguarding their data security and privacy.
Q: What does SOC 2 certification involve?
Kate: The entire process was a very detailed, year-long endeavor, and the certification is renewed annually. We started with a readiness assessment of 150 criteria to evaluate our baseline performance and identify any gaps. We then worked to remediate those gaps, ensure proper controls and procedures were in places, moved to the final audit process, and finally obtained certification.
Q: Why now?
Kate: Managing data is a critical part of the work we do for clients so ensuring data security is integral to being a good partner. The certification is part of Advanced Metrics’ growth strategy to ensure we are a stronger company overall.
Advanced Metrics is a Certified B-Corporation dedicated to improving lives by uniting community-based services with science-informed approaches. If you are interested in becoming part of the Advanced Metrics team, you can check out our current open positions on the Careers page.