Adequate internal IT controls exist
TechnologyOne acquired this standard in 2015 to satisfy customer need for information and evidence on auto-scaling, security practices and the operational process for the TechnologyOne SaaS solution.
This standard demonstrates to customers that security practices are in place to: promote security and prevent unauthorised access, ensure system availability, enable processing integrity, protect confidentiality and protect privacy.
Existing SaaS customers of TechnologyOne are entitled to request the AT-C 205 SOC 2 audit reports, to provide to their auditors.
In 2019, the TechnologyOne SaaS Platform completed compliance against the Health Insurance Portability and Accountability Act (HIPAA), a US standard that provides the highest globally recognised best practice for data privacy and security of medical information. Whilst this is a US standard, it demonstrates our commitment to the security and privacy of customer data, particularly in the health sector.
HIPAA compliance has been added as an extension to our SOC 2 report which is currently available for our SaaS Platform customers.
The AT-C 205 SOC 2+ HIPAA report is produced annually and customers can request bridging letters from TechnologyOne to assist with aligning to specific audit periods.
The SOC 2 report and the bridging letter can be requested by any current contracting customer by raising a SOC 2 report request case in the Customer Community.
If you are the registered auditor for a current TechnologyOne customer, please speak with them directly to obtain a copy.