CirrusMD Successfully Completes SOC 2 Audit, Affirming Commitment to Ongoing Data Security

CirrusMD, a leading provider of scalable care delivery solutions enabling immediate, affordable, high quality virtual care, today announced its successful completion of its Type 2 SOC 2 audit. This milestone underscores the company's unwavering dedication to data security and the ethical management of patient information.

What is a SOC 2 Type 2 Audit?

A SOC 2 Type 2 audit aims to assure stakeholders that a service organization not only has appropriate security measures in place, but also effectively implements and maintains them over time. Conducted by specialized third-party auditors, the assessment reviews various trust service principles such as security, availability, processing integrity, confidentiality and privacy. 

With the successful completion of this audit, the robust cybersecurity framework established by CirrusMD has demonstrated the ability to mitigate the risk of data breaches, with a level of compliance that is critical for businesses handling sensitive information including patient data. 

The Importance of SOC 2 Audit Completion

In today's digitally-driven landscape, the safety and integrity of data are paramount for organizations and patients alike. A SOC 2 Type 2 audit is not a compliance checkbox; instead it is a strong indicator of an organization's commitment to upholding high levels of security and data protection over an extended time period. Completing this audit is a reflection of CirrusMD’s proactive approach to managing risk, underscoring a dedication to maintaining a secure and reliable service.

"Successfully passing the Type 2 SOC 2 audit not only validates our commitment to data security, but also helps ensure advancements to our clinical care delivery and clinical intelligence platform(s) adhere to the most stringent security guidelines," said Kevin McElhinney, Vice President of Engineering at CirrusMD. “We recognize that organizations seeking virtual care benefits for their members and employees must have complete trust and confidence in their care delivery partner. This certification serves as a safeguard, confirming that appropriate measures are consistently in place to protect sensitive data.”

Audit Conducted by A-LIGN

The audit was executed by A-LIGN, an industry-leading compliance assessor trusted by over 2,500 global organizations. A-LIGN specializes in mitigating cybersecurity risks, making them an ideal partner for this comprehensive assessment.

---

About A-LIGN

A-LIGN is the only end-to-end cybersecurity compliance solutions provider with readiness to report compliance automation software paired with professional audit services, trusted by more than 4,000 global organizations to help mitigate cybersecurity risks. A-LIGN uniquely delivers a single-provider holistic approach as a licensed CPA firm to SOC 1 and SOC 2 Audit services, accredited ISO 27001, ISO 27701 and ISO 22301 Certification Body, HITRUST CSF Assessor firm, accredited FedRAMP 3PAO, authorized CMMC C3PAO, PCI Qualified Security Assessor Company, and PCI SSC registered Secure Software Assessor Company. Working with growing businesses to global enterprises, A-LIGN’s experts and its compliance automation platform, A-SCEND, are transforming the compliance experience.

About CirrusMD

CirrusMD is providing scalable care delivery solutions enabling immediate, affordable, high quality virtual care to plan sponsors — health plans and employers — who want to improve health and reduce costs for their entire population. CirrusMD uniquely provides an intelligent platform that connects the member at their moment of need to the most beneficial point of care, beginning with an expert physician. We believe that when you provide immediate, affordable care at scale you can drive the change needed to improve health and lower cost across an entire population.