Berbix Completes SOC 2 Type 2 and HIPAA Compliance Reviews

In 2019, Berbix engaged with the auditor A-Lign to successfully complete a SOC 2® — SOC for Service Organizations Type 1 examination.  At the beginning of 2020, we engaged with them again to complete our SOC 2 Type 2 examination along with an evaluation of our HIPAA compliance practices and policies.  We are pleased to announce that we are HIPAA compliant and completed the SOC 2 Type 2 examination.

While the SOC 2 Type 1 examination evaluates the design and implementation of system controls at a point in time, the SOC 2 Type 2 examination evaluates system controls over a period of time.  For Berbix, we were evaluated for the full twelve-month period since the completion of our SOC 2 Type 1 examination, from March 2019 through March 2020.

Security and privacy are an essential component of every part of how we do business and build technology at Berbix.  Our primary objective is to protect the security and privacy of user submitted data, and since we are processing critical information including driver’s licenses, passports, and user photos, we treat all of our data with the highest possible level of care.

Compliance standards such as SOC 2 and HIPAA are useful benchmarks and the regular examinations can provide a useful checkpoint, but we aim to exceed these standards and deliver the most effective security and privacy controls.  We aim to hold ourselves to the highest possible security and privacy standards for our unique technology.  For example, we developed an image watermarking service so that images in our dashboards are rendered with a unique, per-access fingerprint.

Additionally, we are HIPAA compliant and are ready to sign business associate agreements.  The Health Insurance Portability and Accessibility Act was developed to ensure the safe handling of protected health information handled by what are known as “covered entities” such as health insurance providers, healthcare practitioners, and their business associates.  While the HIPAA standard developed by the US Health and Human Services specifically pertains to protected health information, at Berbix, we strive to treat all of our customer’s data with this level of security and privacy.  All employees receive HIPAA specific security training and are instructed to apply those learnings to all aspects of their roles.

We are committed to maintaining our HIPAA compliant standing and completing a SOC 2 Type 2 examination each year to demonstrate that our security and privacy controls are continuously operating to protect user data.