We are proud and happy to announce that we have received our second year SOC 2 Type 2 attestation report on January 29, 2021. This year, HIPAA was also included in the scope of the audit. The audit period was December 1, 2019 through November 30, 2020.
We will continue to have an annual audit at the same period going forward. The assessment was performed by BARR Advisory, and their report provides evidence of our dedication to provide our customers with a secure high-quality service.
In addition, we have received a SOC 3 report on February 4, 2021, which is a summary of the SOC 2 report. Read: SOC 3 Security and Availability Report .
What is SOC 2 Type 2 compliance?
For more info on what SOC 2 Type 2 compliance is, please read our blog from last year’s audit: Commitment to Security: Announcing SOC 2 Compliance
What is HIPAA compliance?
The Health Insurance Portability and Accountability Act (HIPAA) is an American law. It requires affected companies and organizations to follow a data security standard for protecting Personal Health Information (PHI). 84codes (the company providing the service CloudAMQP) is a Swedish company, and thus not obligated to be HIPAA compliant. However, by request from our customers, we have achieved HIPAA compliance to better serve their needs. If you want to sign a Business Associate Agreement with us, please send an email to firstname.lastname@example.org.
Security and Compliance Going Forward
Our internal Security and Compliance Program is very robust thanks to our vast experience in keeping it updated to the latest regulations. SOC 2 and HIPAA have complimented our existing program nicely with a holistic approach to security.
It seems that there is a new IT threat or challenge on a daily, sometimes hourly, basis, and therefore security and compliance must continuously evolve to keep up. Because of this, we are committed to conducting a SOC 2 Type 2 and HIPAA audit on an annual basis, prioritizing secure and dependable service for our customers.
NOTE: For next year’s SOC 2 Type 2 and HIPAA audit, Alibaba Cloud will be excluded from the audit scope. Alibaba customers that would like to continue to be on a SOC 2 compliant service must transfer their subscriptions to AWS, GCP, Azure or Digital Ocean (feel free to reach out to us if you need help with that). Further, IBM Cloud and Rackspace will be excluded from the scope after April 1, 2021, since those two cloud platforms will be decommissioned from our offering at that date.
If you have any questions or want to receive a copy of the SOC 2 Type 2 report, please send an email to email@example.com.