Pharmiweb ChannelsAll | PharmaCo | Clinical Research | R&D/BioTech | Sales/Mktg | Healthcare | Recruitment | Pharmacy | Medical Comms RSS Feed RSS Feeds


Press Release

CloudMine Achieves SOC 2 Certification, Solidifying Leadership in EHC Security

Posted on: 23 Jan 18

PHILADELPHIA, Jan. 23, 2018 /PRNewswire/ -- CloudMine, a HIPAA-compliant Enterprise Health Cloud platform, announced today that it has achieved Service Organization Control (SOC) 2 certification.

CloudMine began pursuing SOC 2 in November 2017. SOC 2 is focused on service organization controls that relate to operations and compliance. This achievement is important to healthcare stakeholders as it is further evidence of CloudMine's ongoing commitment to security.

In addition to SOC 2, CloudMine had already achieved HITRUST CSF certification, evidence of its HIPAA compliance, in 2016. CloudMine previously achieved ISO 27001 certification for information security management systems (ISMS). Holding all three certifications solidifies the company's leadership in security and is evidence of its stringent controls.

"Nothing moves forward in healthcare unless everyone is confident that sensitive data is secure," said Jeff Gardosh, CloudMine VP, Security and Assurance and former Chief Information Security Officer for the City of Philadelphia. "Security is the foundation on which healthcare innovation is built, and as a former CISO, I can say that CloudMine's level of certification is exactly what you look for in a major ePHI service provider."

The SOC 2 certification is overseen by the American Institute of Certified Public Accountants (AICPA). Until 2011, the AICPA relied on the SAS 70 standard, which evaluated service organizations and how their activities affected the financial reporting of their clients. However, due to widespread popularity, the standard began to lose significance. As a result, the organization replaced SAS 70 with the Statement on Standards for Attestation Engagements (SSAE) No. 16 in 2011. Today's SOC auditing reports are are issued in compliance with the SSAE16 standard.

To achieve SOC certification, an independent auditing firm evaluates an organization on-site, documenting the controls and environment and drafting a report that attests to how well security qualifications are met. SOC 2 certification specifically is based on five critical "trust principles" for IT organizations, including security, availability, processing integrity, confidentiality, and privacy.

"When it comes to sensitive health data, trust is as important as security," said Steve Wray, CEO of CloudMine. "CloudMine holds itself to the highest compliance standards, and third-party certification provides this assurance to our customers. Their confidence is a critical priority to us, and CloudMine continues to put ourselves at the forefront as new security controls are established."

To read more about CloudMine's commitment to security, visit

About CloudMine
CloudMine is the leading HIPAA-compliant Enterprise Health Cloud platform. CloudMine empowers healthcare organizations to rapidly and confidently develop connected digital health experiences by reducing complexity, enabling data mobility, and ensuring compliance. Recognized by industry analysts for their vision, collaboration, and ability to scale, CloudMine is partnering with a diverse portfolio of customers, such as the American Heart Association and Thomas Jefferson University Hospitals, to successfully address many of the biggest challenges in the digital transformation of healthcare. For patients, providers, clinical investigators and digital innovators, connected healthcare is better healthcare.  For more information, visit, call (855) 662-7722, or follow @cloudmineinc on Twitter.

CONTACT: Elysse Ciccone
(215) 600-0050 Ext. 1057

Editor's Details

Mike Wood

Last updated on: 23/01/2018

Site Map | Privacy & Security | Cookies | Terms and Conditions is Europe's leading industry-sponsored portal for the Pharmaceutical sector, providing the latest jobs, news, features and events listings.
The information provided on is designed to support, not replace, the relationship that exists between a patient/site visitor and his/her physician.