At Ingenious Med, we continually invest in security best practices to ensure that our clients’ data stays safe and secure. As a part of this ongoing effort, we are excited to announce that we have successfully earned our SOC 2 report again for 2025.
The examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 4,000 global organizations to help mitigate cybersecurity risks. Ingenious Med’s SOC 2 report validates its commitment to data security and protection, as well as compliance with critical standards to mitigate cybersecurity threats. “At Ingenious Med, safeguarding our clients’ data is paramount,” says Andrew Muirragui, Vice President Research & Development, Ingenious Med. “Our investments in SOC 2 and HITRUST certification reflect our commitment to data security and are critical to ensuring our clients can rely on us to protect their sensitive information and meet their compliance needs.”
What is a SOC 2 report and what does it mean for Ingenious Med’s security practices? In this article, we will walk you through the ins and outs of a SOC 2 report and how the report symbolizes trust to clients.
What is a SOC 2 report?
A SOC 2 report addresses risks associated with the handling and access of data, and can be used by a variety of organizations of any size (e.g., SaaS, colocation, data hosting, etc.). Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate the identified risks to the different parts of an organization.
The SOC 2 audit testing framework is based on the Trust Services Criteria (TSC), which are used to identify various risks (points of focus) an organization should consider addressing. Based on the TSCs the organization selects to be in scope, a third-party compliance and audit firm evaluates whether the organization has the appropriate policies, procedures, and controls in place to manage the identified risks effectively.
There are five Trust Services Criteria:
- Security (required)
- Availability (optional)
- Processing Integrity (optional)
- Confidentiality (optional)
- Privacy (optional)
Successfully completing a SOC 2 examination and receiving a letter of attestation means an organization is addressing controls in areas such as information security, access control, vendor management, system backup, business continuity, disaster relief, and more.
Who should get a SOC 2 report?
Organizations of all sizes and industries can benefit from a SOC 2 report since the audit can be performed for any organization that provides a variety of services to its customers. A SOC 2 report highlights the controls in place that protect and secure an organization’s system or services used by its customers. The scope of a SOC 2 report extends beyond the systems that have a financial impact, reaching all systems and tools used in support of the organization’s system or services.
Why do I need a SOC 2?
Today, many organizations outsource their business operations and services to third-party vendors, possibly putting client data at risk. For this reason, organizations request that their vendors achieve SOC 2 compliance to demonstrate rigorous IT security standards. Some additional reasons to consider a SOC 2 report for your organization include:
- Clients will most likely request a SOC 2 sooner or later.
- SOC 2 can bring a competitive advantage to your business.
- Enhanced information security practice.
- SOC 2 helps you gain customer trust.
- Ensure your employees understand best practices.
Know your data is safe and secure with Ingenious Med
Ingenious Med will make the SOC 2 report available to current or potential customers upon execution of a non-disclosure agreement. We hope the steps we have taken help you and your IT teams remain confident in knowing that your data is secure with Ingenious Med.
About Ingenious Med®
Ingenious Med® delivers intuitive point-of-care tools that optimize physician productivity and hospital performance. Our easily implementable mobile and web solutions help health systems and physician groups simplify revenue capture, gain actionable analytics, support value-based alignment and optimize workflows across the healthcare continuum. Used in over 80,000 patient encounters every day, we provide physicians, practices and health systems unique insights that strengthen revenues and support their focus on improved patient care.
About A-LIGN
A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. For more information, visit a-lign.com.