Skip to Main Content

SOC 2, HIPAA and GDPR, Oh My

by Eric Van Heel

When it comes to virtual data security and privacy, we’re unfortunately not in Kansas anymore. Today, more than ever before, the information we share with organizations we do business with is vulnerable to hackers, accidental leaks and misuse.

At Avtex, protecting the privacy and security of our clients’ personal and business data is a something we take very seriously. We truly believe that your security and privacy are our fundamental responsibility. With that in mind, we’re happy to announce that we’ve achieved three key security and privacy milestones – SOC 2 Type 2 certification, HIPAA Type 1 attestation and GDPR attestation.

Service Organization Control (SOC) 2 Type Certification

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for the effective management and protection of sensitive data. For 2019, Avtex obtained SOC 2 Type 2 certification in two key areas: Security and Availability. This marks the fourth straight year that we’ve achieved SOC 2 Type II certification. This feat is a true testament to our ongoing commitment to protecting the security and privacy of our clients.

Health Insurance Portability & Accountability Act (HIPAA) Type 1 Attestation

To demonstrate compliance with HIPAA laws, Avtex worked with a third-party vendor to conduct a comprehensive compliance assessment to identify and remediate any potential data security or privacy vulnerabilities. The organization can now attest that it maintains security, technology, processes, policies and training procedures that comply with HIPAA regulations. Our compliance with HIPAA regulations allows us to confidently assist our healthcare clients in delivering better experiences to their patients.

General Data Protection Regulation Attestation

The GDPR is a legal framework that sets guidelines for the collection and processing of personal information for residents of the European Union. GDPR regulations apply to organizations that are physically located in, or do business in, the EU. Avtex developed a comprehensive data management framework to demonstrate compliance with GDPR regulations, including those applying to the capture, storage, documentation and utilization of information relating to an identifiable person.

The Culmination of Combined Effort

Each certification or attestation required a rigorous process including audits, policy and procedure reviews, internal control assessments and more. Individuals and teams from every department throughout the organization were involved. We also enlisted the support of third-party consultants to ensure our efforts provided the optimal protection for client data.

Achieving these milestones individually is no small feat – accomplishing all three simultaneously demonstrates our continued commitment to excellence in all aspects of dealing with sensitive and personal information.

We put a great deal of effort into ensuring that when you put your trust in us, your faith is not misplaced. This is just one way we strive to do better for you, and your customers.