Certifications & Audits
SOC 2
An audit report on a service provider's controls for security, availability, and confidentiality.
SOC 2 (System and Organization Controls 2) is an audit framework from the AICPA that evaluates a service provider's controls against five "trust services criteria": security, availability, processing integrity, confidentiality, and privacy.
A SOC 2 report is independent evidence that a hosting provider has effective controls in place. While SOC 2 is not the same as HIPAA compliance, the two overlap heavily, and a current SOC 2 report is a common way providers demonstrate the maturity behind HIPAA-compliant hosting. Reports come in Type I and Type II forms.