Adequate internal IT controls exist
TechnologyOne acquired this standard in 2015 to satisfy customer need for information and evidence on auto-scaling, security practices and the operational process for the TechnologyOne SaaS solution.
This standard demonstrates to customers that security practices are in place to: promote security and prevent unauthorised access, ensure system availability, enable processing integrity, protect confidentiality and protect privacy.
Existing SaaS customers of TechnologyOne are entitled to request the AT-C 205 SOC 2 audit reports, to provide to their auditors.*
In 2019, the TechnologyOne SaaS Platform completed compliance against the Health Insurance Portability and Accountability Act (HIPAA), a US standard that provides the highest globally recognised best practice for data privacy and security of medical information. Whilst this is a US standard, it demonstrates our commitment to the security and privacy of customer data, particularly in the health sector.
HIPAA compliance has been added as an extension to our SOC 2 report which is currently available for our SaaS Platform customers.
The AT-C 205 SOC 2+ HIPAA report is produced annually and customers can request bridging letters from TechnologyOne to assist with aligning to specific audit periods.
The SOC 2 + HIPAA report and the bridging letter can be requested by sending a formal email request to the SaaS Compliance email: firstname.lastname@example.org
*Distribution restrictions apply, email SaaS Compliance for further information.