Qsource Achieves SOC 2 Type II Attestation

Qsource has successfully achieved System and Organization Controls 2 (SOC 2) Type II Attestation. This rigorous independent audit validates the effectiveness of the organization’s controls that safeguard sensitive information. This achievement demonstrates Qsource’s continued commitment to protecting sensitive data and preventing breaches. 

The SOC 2 report is quickly becoming one of the most sought-after compliance standards in North America. The reports offer some of the best ways to demonstrate effective information security controls.  SOC 2 reports help organizations prove their information security controls based on five Trust Services Criteria (TSC):  

• Security: Prevention of illicit or detrimental data usage and disclosures.
• Availability: Consistent access to user-facing information and systems.
• Processing Integrity: Completion, punctuality, and authorization of all procedures.
• Confidentiality: Protection against security breaches of legally safeguarded information.
• Privacy: Protection against unauthorized disclosure of personally identifiable data. 

SOC 2 Type II delves into the minute details of the infrastructure service system throughout the specified period.  

• Infrastructure: The physical and hardware components (networks, facilities, and equipment) that support an IT environment and help deliver services.  
• Software: The operating software and programs (utilities, applications, and systems) used to facilitate data and system processing.
• People: The personnel (managers, developers, users, and operators) involved in the management, security, governance, and operations to deliver services to customers.  
• Data: The information (files, databases, transaction stream, and tables) used or processed within the service organization.  
• Procedures: The manual or automated procedures that bind processes and keep service delivery ticking along. 

A SOC 2 report assures that Qsource has the required data security controls in place to protect customer data against unauthorized access and can detect anomalies and security incidents across the entire ecosystem. Besides preventing risk situations, Qsource can quickly repair damage and restore functionality in the event of a data breach or system failure. 

About Qsource 

Qsource, a 501(c)(3) nonprofit organization based in Tennessee, works with healthcare providers, partners, patients, and other stakeholders to continually improve healthcare quality, and ensure providers meet regulatory requirements. For over 50 years, Qsource has been a nationwide leader in Quality Improvement (QI) and Quality Assurance (QA) across all healthcare settings.