NCSA blog series on SOC 2 certification

["Dopheide, Jeannette M" <jdopheid () ILLINOIS EDU>]

Hello EDUCAUSE Security list,

I'm sharing a new blog series documenting NCSA's work pursuing a SOC Type 2 certification:

NCSA’s Advanced Computational Health Enclave (ACHE) is a multi-tenant environment providing high-performance computing 
(HPC) for research involving electronic Protected Health Information (ePHI). NCSA follows HIPAA standards and has 
implemented a set of security controls to ensure the protection of ePHI.

As a validation of our controls, NCSA is pursuing a SOC 2 Type 2 certification for its ACHE environment. A SOC 2 is an 
assessment of a service organization’s system and organizational controls. These internal controls, including policies, 
business processes, and technical controls, are assessed according to one or more of the AICPA’s Trust Service Criteria 
for Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Our goal with the series is to document our efforts, recommendations, and lessons learned during this process.
To read more, see our blogs posted here:
https://wiki.ncsa.illinois.edu/label/cybersec/soc_2

--
Jeannette M. Dopheide
Sr. Education, Outreach and Training Coordinator
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community