This week, auditors wrapped up their review of WSHA’s data protections to ensure the association maintains its SOC 2 (System and Organization Controls 2) certification. 

SOC 2 is a cybersecurity compliance framework designed to test and prove that organizations have robust data protections in place. WSHA first achieved SOC 2 certification five years ago and was the second state hospital association in the country to achieve the designation. 

SOC 2 focuses on five Trust Services Criteria: 

  1. Security – Protection against unauthorized access. 
  1. Availability – Ensuring systems are operational and accessible. 
  1. Processing Integrity – Ensuring systems process data accurately and reliably. 
  1. Confidentiality – Protecting sensitive information from unauthorized disclosure. 
  1. Privacy – Managing personal information in accordance with privacy policies. 

Achieving and maintaining certification is a significant investment to demonstrate to members that WSHA can be trusted to protect sensitive as part of WSHA’s robust data analytics program. (Jonathan Bennett)