SOC 2 and HIPAA Compliance: Your security & privacy is our highest priority


Ben Pujji
14 June 2021

As Atomic continues to grow around the world, it’s important to us that our customers have reassurance in our ability to keep their systems and information private and secure.

That’s why we’re incredibly proud to announce that we are now both SOC 2 Type I and HIPAA Type I compliant.

Achieving SOC 2 and HIPAA has been an opportunity to put our security practices to the test, and demonstrate they are meeting the highest standards.

What is SOC 2 Compliance?

Service Organisation Control 2 (SOC 2) is an internationally recognised standard developed by the American Institute of CPAs (AICPA). SOC 2 ensures that organisations and their cloud-based systems are designed in a way that guarantees security, availability, processing integrity, confidentiality, and privacy of customer data.

SOC 2 compliance is awarded to businesses by external auditors upon assessing their compliance with one or more of the trust principles. Atomic was assessed by A-LIGN and has achieved compliance with the following trust principles – Security, Availability and Confidentiality.

There are two types of SOC 2 audits: Type 1 and Type 2. Type 1 examines the controls used for maintaining the trust principles at a point in time, while Type 2 examines the effectiveness of these controls over a period of time. Atomic is currently SOC 2 Type I compliant as of 5th May 2021, and we are working towards becoming Type II compliant.

What is HIPAA Compliance?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

HIPAA compliance is awarded to businesses by external auditors upon assessing their compliance with Rules issued by the US Department of Health and Human Services (HHS). Atomic was assessed by A-LIGN, has been attested for compliance with the Security Rule, and is currently HIPAA Type I compliant as of 5th May 2021.

What does this mean for you?

Atomic provides you with the tools to interact with your customers securely within your authenticated apps. We know that you are placing incredible trust in us that not only will your data be safe but also accurate. Our SOC 2 and HIPAA reports can provide you with the assurances that we are protecting your data by following industry best practices.

SOC 2 and HIPAA compliance encompasses the technology, processes and people across our entire organisation from recruitment to business continuity, code development and more. Achieving SOC 2 and HIPAA has made Atomic more robust across the board now and moving forwards.

What’s next?

We’re currently working towards achieving SOC 2 Type 2 with expected compliance in 2022. Atomic is committed to carrying out annual SOC 2 Type 2 and HIPAA Type 1 audits moving forwards to ensure we continue to maintain and improve on our security practices.

If you have any questions or would like to request a copy of our SOC 2 report, please get in touch at privacy@atomic.io