LVM Systems Completes 2022 System and Organization Controls (SOC) 2 Type 2 Examination
By Jake Johnson
LVM Systems’ successful completion of its 2022 System and Organization Controls (SOC®) 2 Type 2 Examination affirms that our practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, processing integrity, and confidentiality.
Completing this examination demonstrates LVM Systems’ commitment to the security and integrity of our platform. LVM Systems selected 360 Advanced to perform the demanding third-party examination.
Throughout the examination, 360 Advanced audited LVM against the AICPA Trust Services Criteria. The examination’s outcome ensures that the company’s controls meet the criteria of the selected trust services.
These trust services criteria encompass the following five categories:
1. Security
Protects data and systems against unauthorized access, disclosure, or damage.
- LVM has a security team that includes a security officer, a compliance officer, and an incident response team to ensure LVM is up to date with current security best practices and that LVM complies with its security policies and procedures. In addition, LVM performs annual risk assessments, evaluating every aspect of the organization for improvement and ensuring LVM policies and procedures align with current regulatory requirements.
- Background checks are performed on all prospective employees. New employees must review and sign the LVM security agreement, ensuring employees maintain a high level of security integrity. In addition, before working with LVM systems or processes, new employees must receive mandatory security training.
- Quarterly security training ensures employees understand LVM security policies and procedures and are vigilant about new security threats.
- Third-party systems monitor vulnerability and penetration testing to ensure systems remain secure.
- Development teams undergo ongoing training on secure software development lifecycles and secure coding. In addition, third-party security code analysts review the software for known vulnerabilities to ensure LVM development teams use current best practices.
- LVM utilizes encryption standards to ensure all private data access or storage is secured.
- For hosted solutions, LVM utilizes Microsoft Azure as the preferred cloud provider. Microsoft Azure has a security team of over 3,500 members, over ninety security certifications, and has invested over $1 billion in security R&D to ensure client systems and data are protected.
2. Availability
Information and systems are available for operation.
- System monitoring ensures systems are running smoothly. If anomalies are detected, appropriate LVM resources are notified.
- Backup, redundancy, and recovery standards follow industry best practices.
- Disaster recovery development and testing ensure LVM can rapidly recover systems.
3. Processing Integrity
System processing is complete, valid, accurate, and timely.
- Development processes include rigorous quality assurance (QA) reviews to ensure processing integrity within LVM’s software. QA utilizes automated testing tools, manual test scripts, and data comparison tools to assure all areas of code are thoroughly tested.
- QA also tests the latest operating system patches to ensure compatibility.
- Security and information technology (IT) teams ensure the processing integrity of LVM’s hosted solutions.
4. Confidentiality
LVM protects information designated as confidential.
- LVM follows a data retention policy and conducts activity tracking.
- LVM maintains an asset inventory and destruction policy.
5. Privacy
LVM collects, uses, retains, discloses, and disposes of personal information following industry best practices.
- Notices and communication of objectives
- Choice and consent
- Collection, use, retention, and disposal
- Disclosure and notifications
- Monitoring and enforcement
As caretakers of our customer data, and as security concerns grow, healthcare organizations choose LVM Systems as their core platform and engine of growth.
Jake Johnson is the CIO of LVM Systems.