SOC 2 Type 2 and HIPAA Compliance

Written by Anna Burman

We are proud and happy to announce that we have received our second year SOC 2 Type 2 attestation report on January 29, 2021. This year, HIPAA was also included in the scope of the audit. The audit period was December 1, 2019 through November 30, 2020.

We will continue to have an annual audit at the same period going forward. The assessment was performed by BARR Advisory, and their report provides evidence of our dedication to provide our customers with a secure high-quality service.

In addition, we have received a SOC 3 report on February 4, 2021, which is a summary of the SOC 2 report. It’s publicly available here.

What is SOC 2 Type 2 compliance?

For more info on what SOC 2 Type 2 compliance is, please read our blog from last year’s audit: Commitment to Security: Announcing SOC 2 Compliance

What is HIPAA compliance?

The Health Insurance Portability and Accountability Act (HIPAA) is an American law. It requires affected companies and organizations to follow a data security standard for protecting Personal Health Information (PHI). 84codes (the company providing the service ElephantSQL) is a Swedish company, and thus not obligated to be HIPAA compliant. However, by request from our customers, we have achieved HIPAA compliance to better serve their needs. If you want to sign a Business Associate Agreement with us, please send an email to legal@84codes.com.

Security and Compliance Going Forward

Our internal Security and Compliance Program is very robust thanks to our vast experience in keeping it updated to the latest regulations. SOC 2 and HIPAA have complimented our existing program nicely with a holistic approach to security.

It seems that there is a new IT threat or challenge on a daily, sometimes hourly, basis, and therefore security and compliance must continuously evolve to keep up. Because of this, we are committed to conducting a SOC 2 Type 2 and HIPAA audit on an annual basis, prioritizing secure and dependable service for our customers.

If you have any questions or want to receive a copy of the SOC 2 Type 2 report, please send an email to compliance@84codes.com.