How does Thoughtful provide a bridge letter for SOC 2 Type II?
At Thoughtful, we understand the importance of maintaining continuous assurance of our security controls, especially during the interim period between our annual SOC 2 Type II audits. To address this, we provide a bridge letter, also known as a gap letter, upon request. This letter, prepared by our independent auditors, outlines any changes in our controls since the last audit and provides assurance that our controls continue to operate effectively. Please contact our Compliance Department if you require a bridge letter or have any further questions about our SOC 2 Type II compliance.
Does Thoughtful sign Business Associate Agreements (BAAs)?
Yes, Thoughtful is committed to supporting our healthcare clients in maintaining HIPAA compliance. As part of this commitment, we are willing to sign Business Associate Agreements (BAAs). A BAA is a legally binding document that outlines our responsibilities in handling and protecting your Protected Health Information (PHI). By signing a BAA, we assure you that we have the necessary safeguards in place to protect your PHI, and we accept accountability for any breaches in compliance. Please contact our Compliance Department to initiate the BAA process.
How does Thoughtful ensure the security of its automation modules?
At Thoughtful, we take the security of our modules very seriously. Each module operates within a secure environment with strict access controls. Data processed by our modules are encrypted both in transit and at rest, ensuring that your information is always protected. We also conduct security audits and vulnerability assessments to identify and address potential risks. Furthermore, our modules are designed to follow the principle of least privilege, meaning they only have access to the data and resources necessary to perform their tasks. This minimizes the potential impact of any security threats. Rest assured, the security of your data is our top priority.