Calpion across all service lines, locations & technology solutions is SOC Certified.
The Statement on Standards for Attestation Engagements No. 18 (SSAE 18) is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), for redefining and updating how service companies report on compliance controls. SSAE 18 refers to many types of attestation reports mainly as SOC1, SOC2 and SOC3.
SOC (Service Organization Control) reports ensures our customers are confident about Calpion's data security and compliance. There are five Trust Services Principles that comprise our SOC2 report:
Security:The system is protected against unauthorized access (both physical and logical).
Availability:The system is available for operation and use as committed or agreed.
Processing:Integrity System processing is complete, accurate, timely, and authorized.
Online Privacy :Personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed.
Confidentiality:Information designated as confidential is protected as committed or agreed.
At Calpion we adhere to all the compliances required under HIPAA and the BAAs we undertake with our clients. Our HIPAA compliance team is led by a Compliance Officer who monitors compliance.
A BAA & confidentiality agreement is signed by all employees at the time of joining the organization and employees are trained on the importance of compliance.