Date: March 23, 2023
Hi there, it’s Bri from the Privacy and Security Team here at Jane. Our team is responsible for ensuring the security of your data and the privacy of your patients. In fact, it’s what our team is dedicated to thinking about all the time. And it’s not just something we prioritize within our team, but throughout our company, too. Security and privacy are embedded in our culture, our training, and our hiring processes.
We’re super excited to share the update that we now have a SOC 2 Type 2 Report for Jane 🥳. We’re celebrating this milestone because it means we haven’t just designed our security controls well, but that we also have a report to show that we’ve followed those controls consistently 💪
Backing up a bit - what is SOC 2 and what makes it so special? If you’re interested to learn more, read on!
What is a SOC 2 report?
SOC stands for System and Organization Controls… but okay, what does that mean? So, controls are the things we do (administrative processes, technical settings, and more) to ensure the security of your data. These controls are in place within Jane the company as well as within the infrastructure that hosts Jane.
So for example, a common administrative control could be requiring employees to undergo what’s called Security Awareness Training (and yes, this is something we do!), but there are also technical controls a company may have, like ensuring firewalls are enabled, limiting access to sensitive information, and so forth.
What is the difference between Type 1 and Type 2?
For us, you can think of “type 1” sort of like “step 1”. First, we write out those controls, and the auditors we work with verify that we have designed those controls clearly, thoroughly, and appropriately. We provide evidence to them showing that we’re doing what we’ve said we’re doing, and with that evidence approved, we get the report.
Now that we’ve completed our Type 2, this means our auditors have come back to review our work and see that we’ve been consistently following the controls we designed over the course of a year.
To give a real-life comparison, let’s say you’ve set the goal to go for a 5km run once per week for the next year. If you were being audited on that, they might look back at a specific week and ask you to prove that you ran at least once. If you did complete your run, it sounds like your control is designed effectively! If not, you may need to investigate what got in your way to ensure success next time.
Why is this important to Jane?
Receiving this SOC 2 report is sort of like receiving a report card. It helps us to ensure that we really are doing the right thing! Receiving the report doesn’t mean we’re more secure than we were before, but it does help us to confirm where we’re doing well and if there are areas for improvement.
How is this valuable to you, a clinic owner, or someone interested in using Jane in your clinic?
This report can help you feel like your data is secure because we’re secure! Instead of scouring through different web pages and working with your team to compile security questions to be answered, you can request access to this easy-to-read report.
I still have questions. Do you have a team I can speak to about this?
You bet we do - my team! If you’d like to chat with us, you can reach us at [email protected] to connect.
Bri, on behalf of the Privacy and Security Team