Healthcare is one of the biggest contributors to the US GDP and at Infinitus we are on a mission to reduce the complexity and spend on healthcare back offices. Infinitus has built a conversational AI platform that handles large volumes of tedious, time-consuming phone calls with super-human accuracy and secure and easy-to-consume APIs and Applications. This allows our customers to focus on serving their patients instead of data exchange.  As we like to say – we are taking healthcare off hold. 

To serve our customers and the healthcare ecosystem, the security and privacy of our customers’ data has always been a top priority. Since we started Infinitus, we have always invested time and resources to ensure we follow all of the relevant industry standards to keep our data secure. We also planned to pursue relevant industry certifications like SOC2 to validate our internal security processes and give our customers’ audited assurances from certified bodies.

Some of the processes that we’ve always had in place that allowed us to easily obtain our SOC2 certification include background checks on employees, encrypting all our data at rest and in-transit, making sure any sub vendors we use are equally secure as Infinitus, and maintaining role based access controls throughout our systems. Our SOC2 audited all of these, and also tested a very comprehensive set of security controls. 

Today, we are proud to announce that we have successfully completed a SOC 2 Type II audit for the Infinitus platform and services.

What is SOC 2 Type II Compliance?

SOC 2 is considered the gold standard for security compliance for software-as-a-service (SaaS) companies. SOC 2 requires companies to establish and follow strict information security policies and procedures, safeguard user data, log and monitor user activities and user access levels, take immediate actions against malicious and unrecognized activities, and document system configuration changes.

While a SOC 2 Type I audit would confirm that a company’s system is designed to keep customers’ data secure at a point in time, we chose to pursue a SOC 2 Type II, which continuously tests the controls over a longer period of time. Passing the SOC 2 Type II audit means that our company has consistently maintained processes and practices.

What does SOC 2 Type II Compliance mean for our customers?

Security is paramount to building trust in the healthcare ecosystem. Implementing and maintaining SOC 2 requirements demonstrates Infinitus’ ongoing commitment to protecting healthcare data by meeting the most rigorous security standards in the industry. It verifies that our security controls are in accordance with the AICPA Trust Services Principles and Criteria and that best practices are built into our way of working, throughout every team – from our technical team to people operations. Security is considered a fundamental and integrated part of everything we do, and we have taken the necessary steps to keep our customers’ data safe, and protect them from potential data breaches.

Controls that our SOC2 Type II Compliance audit included are: Governance and Policies, Employee Background Checking, Risk Management, Asset Management, Access Control, Data Encryption at Rest and in Transmission, Firewall Rules, Penetration Test, Intrusion Detection, Performance Monitor, Logging, Vendor Management, Business Continuity, Incident Management, Vulnerability Management, and Application Development Lifecycle.

To get a full description of how Infinitus handles security and HIPAA compliance, please visit our security overview page.

Can I see a copy of the auditors’ report?

If you’re an existing customer, please contact your sales rep or your support team.  If you aren’t yet an Infinitus customer, we would be happy to provide a copy of the SOC 2 report with you under NDA.  Please email sales@infinitus.ai

Infinitus’ commitment to our customers and security

Infinitus has always prioritized security, compliance and privacy.  Our SOC 2 certification is just one important milestone on our security journey.  We hope this demonstrates our commitment to protecting our customers’ data. Our team will continue to follow best practices internally as well as pursue relevant certifications.