Date: November 23rd, 2021
Hi there, it’s Bri from the Security Team here at Jane. Our team is responsible for ensuring the security of your data and the privacy of your patients. In fact, it’s what our team is dedicated to thinking about All. The. Time. And it’s not just something we prioritize within our team, but throughout our company, too. Security and privacy are embedded in our culture, our training, and our hiring processes.
Here’s a picture of us on our team Zoom call!
We’ve also got a surprise for all of you security and privacy fans out there (hint: that should be all of you!). We are so, so (can we say so again?) happy to let you know that we’ve just received our SOC 2 Type 1 Report. 🎉 Now, you might be wondering, what does that mean and why is it so important? We’ve got the answers to your questions here!
What is a SOC 2 report?
SOC stands for System and Organization Controls… but okay, what does that mean? So, controls are the things we do (administrative processes, technical settings, and more) to ensure the security of your data. These controls are in place within Jane the company as well as within the infrastructure that hosts Jane.
So for example, a common administrative control could be requiring employees to undergo what’s called Security Awareness Training (and yes, this is something we do!), but there are also technical controls a company may have, such as ensuring firewalls are enabled, limiting access to sensitive information, and so forth.
What is the difference between Type 1 and Type 2?
For us, you can think of “type 1” sort of like “step 1”. First, we write out those controls, and the auditors we work with verify that we have designed those controls clearly, thoroughly, and appropriately. We provide evidence to them showing that we’re doing what we’ve said we’re doing, and with that evidence approved, we get the report.
Now that we’ve completed our Type 1, our next step will be Type 2, which is when our auditors would come back to ensure that we’ve been consistently following the controls we designed over the course of a year. For example, let’s say you’ve set the goal to go for a 5km run once per week for the next year. If you were being audited on that, they might look back at a specific week and ask you to prove that you ran at least once. If you did complete your run, it sounds like your control is designed effectively! If not, you may need to investigate what got in your way to ensure success next time.
Why is this important to Jane?
Receiving this SOC 2 report is sort of like receiving a report card. It helps us to ensure that we really are doing the right thing! Receiving the report doesn’t mean we’re more secure than we were before, but it does help us to confirm where we’re doing well and if there are areas for improvement.
How is this valuable to you, a clinic owner, or someone interested in using Jane in your clinic?
This report can help you feel like your data is secure because we’re secure! Instead of scouring through different web pages and working with your team to compile security questions to be answered, you can request access to this easy-to-read report.
I still have questions. Do you have a team I can speak to about this?
You bet we do! My team. 😉 If you’d like to chat with us, you can reach us at firstname.lastname@example.org to connect.
Bri, on behalf of the Privacy & Security Team