Trust at Amenities Health is founded on transparency and data security. Security has been an ongoing priority from the start, and today, we are thrilled to announce Amenities Health as SOC 2 compliant. This achievement speaks to our continued dedication to preserving patient data and operational transparency for our customers, patients, and partners.
We sought to become SOC 2 compliant and approached it carefully, strategically, and collaboratively. With the help of Johanson Group’s and Vanta’s compliance knowledge, we went the extra mile to ensure that best practices were followed throughout our operations. Along the way, we gained valuable insights that we’re excited to share.
Industry-Standard Accreditation
SOC 2 is a widely recognized security standard established by the American Institute of CPAs (AICPA). It provides an objective assessment of an organization’s data security controls. Johanson Group conducted an in-depth evaluation of our infrastructure, including firewall configurations, change management, logical access, backups, and incident management.
This collaboration resulted in a comprehensive SOC 2 compliance report that validates our adherence to these rigorous standards. We also implemented continuous compliance monitoring to ensure ongoing protection, keeping our digital systems secure year-round.
Key Takeaways from our SOC 2 Journey
1. Security is a Team Sport
SOC 2 compliance was not a project handled by a single department; it was a company-wide commitment. Every department, from engineering to customer success, contributed to meeting the requirements and embedding security into our culture. Vanta’s platform automated key processes, ensuring security became a natural part of our daily workflows.
2. Partners Enhance Compliance
Partnering with Johanson Group was essential to our success. Their expertise helped us articulate needs, refine processes, and exceed SOC 2 criteria in areas critical to our mission.
3. Automate and Integrate
The compliance framework doesn’t have to interfere with business; it should work with business. Integrating Vanta’s automation tools streamlined compliance without disrupting operations. For example, automating access controls through Slack groups allowed us to maintain up-to-date security alongside ongoing development efforts. Vanta’s proactive alerts kept us audit-ready at all times.
4. Continuous Compliance
SOC 2 compliance isn’t "one-and-done" - it’s an ongoing commitment. With the assistance of Johanson Group and Vanta, our systems are kept secure and meet the requirements 24/7.
Looking Ahead
The achievement of this audit is only the first step to security excellence. We will also now run an annual SOC 2 audit and quarterly security reviews to stay up to date with new threats and best practices. We do all of this so that our patients, partners, and healthcare systems have the most secure and private data privacy and protection possible.
