Expedient Announces Availability of Updated Service Organization Control Reports, Now Including HITRUST CSF

Pittsburgh, PA (January 8, 2018) – Expedient, a cloud computing and data center infrastructure as a service provider (IaaS), announced today that it has published updated service organization control (SOC) reports that include controls pursuant to the Health Information Trust (HITRUST) Alliance Common Security Framework (CSF).

The HITRUST Alliance maintains a collaboration with the American Institute of Certified Public Accountants (AICPA) to publish a set of recommendations that streamline and simplify the process of applying the CSF to SOC 2 reporting, an accounting standard for reporting service organization controls at service providers. This complementary approach provides healthcare organizations that must comply with the Health Insurance Portability and Accountability Act (HIPAA) the ability to rely upon one comprehensive framework relevant to their organization type.

SOC reports offer a confirmation of services provided by third party service organizations including information that users need to assess and address the risks associated with an outsourced service. They’re designed to help information technology organizations build trust and confidence in their service delivery processes and controls through an independent report from a CPA.

Expedient annually publishes SOC 1, SOC 2 and SOC 3 reports for each of its eleven (11) colocation data centers based upon the National Institute of Standards and Technology (NIST) Special Publications control framework, including NIST SP 800-53, however, this is the first year that HITRUST CSF controls have been included. “Expedient has been a party to HIPAA business associate agreements with healthcare industry clients such as hospitals, health plans and insurance brokerages, healthcare clearing houses, and healthcare software as a service (SaaS) providers for many years. The integration of SOC 2 for HITRUST controls further extends our team’s commitment to written attestation of their effectiveness in our effort to complement client’s own pursuit of compliance,” said Jonathan H. Rosenson, Senior Vice President of Strategic Initiatives.

About Expedient

Expedient is a cloud and data center infrastructure as a service (IaaS) provider with local operations in Pittsburgh, PA; Baltimore, MD; Boston, MA; Cleveland, OH; Columbus, OH; Indianapolis, IN and Memphis, TN. Ranked as one of the Top 10 managed services providers worldwide on the 2017 MSPMentor 501 list, Expedient’s converged solutions enable clients to focus on strategic business innovation, while the Expedient team handles operation of the information technology needed to support it. Expedient data centers are compliant with the Health Insurance Portability and Accountability Act (HIPAA) as well as the Payment Card Industry Data Security Standard (PCI DSS); the company also certifies to the EU-U.S. Privacy Shield framework for the protection of personally identifiable information. Learn more at expedient.com.