Security

What is SOC2 Compliance?

Henry Schein One is constantly looking for ways to improve its security posture and is the first to receive SOC-2 Type II certification for practice management software, Dentrix Ascend.

“We strive to implement a robust Information Security discipline and program within our organization. SOC-2 Type II compliance for Dentrix Ascend demonstrates our willingness and ability to conform with high standards.”

Kenton McDaniel, CISO of Henry Schein One

Service Organization Control 2 (SOC-2) is a component of the American Institute of CPAs (AICPA)'s Service Organization Control reporting platform. SOC-2 is a technical auditing process and certification that measures security and availability and serves as an assurance to customers that their data is being managed in a controlled and audited environment.

When an application achieves SOC-2 compliance, it signifies that the organization has taken appropriate steps to ensure compliance in the areas that were measured.

SOC-2 compliance is essential for service organization platforms that store customer data in the cloud. SOC-2 is relevant for all SaaS platforms.

There are two types of SOC2 audits that are available:

  • SOC-2 Type I shows the controls of an organization around the application to be audited.
  • SOC-2 Type II introduces historical operational controls into the audit.

Why is SOC-2 Type II Compliance Important?

Meeting SOC-2 Type II compliance demonstrates establishing processes and procedures that place security and confidentiality at the forefront.