Proving Information Security Controls, Xolv Achieves SOC II Certification

Type 2 designation based on security, availability, processing integrity, confidentiality and privacy

In a landscape rife with cybersecurity threats, securing sensitive data is paramount – especially for a new company that handles Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). With the increasing reliance on cloud-based systems for storage and processing, ensuring the protection of patient information is not just a compliance requirement but a moral obligation for Xolv Technology Solutions, Inc. – a burgeoning behavioral health technology company that recently achieved SOC II Type 2 certification, marking a significant milestone in its commitment to data security and privacy.

Obtaining SOC (System and Organization Controls) II Type 2 certification underscores Xolv’s unwavering commitment to meeting the highest standards of data security and privacy. The SOC II framework, developed by the American Institute of CPAs (AICPA), assesses the reliability of an organization’s controls over information security, availability, processing integrity, confidentiality and privacy. Achieving Type 2 certification signifies not just the implementation of controls, but their effectiveness, as well.

Xolv has swiftly made waves in the industry with its innovative approach to addressing behavioral health challenges through technology. The company offers a range of solutions aimed at enhancing access to care, improving outcomes and streamlining processes for both patients and healthcare providers.

“Obtaining our SOC II right away was critical to us for two major reasons,” said Xolv Chief Technology Officer Nhan Nguyen. “First, with being in the healthcare industry, we handle a lot of sensitive data. And, second, we’re ostensibly a new company. We want to ensure we’re taking every step needed to protect ourselves and our clients.”

Xolv achieved its SOC II certification in in July 2023 ahead of becoming its own company on Jan. 1, 2024. Prior to 2024, Xolv provided technology solutions to Catalight, one of the largest behavioral health networks in the United States, that supported the treatment of autism spectrum disorder and intellectual and developmental disabilities designed to benefit clients, their families and clinicians.

“While we’re still new, we have deep rooted experience,” said Nguyen. “It was imperative for us to complete this task in order to uphold trust and confidence with our customers.”

By successfully completing this audit and obtaining certification, Xolv has demonstrated its ability to safeguard sensitive information successfully.

For Xolv, the path to certification was rigorous but necessary. The six-month process involved a thorough assessment of its systems, processes and controls by an independent third-party auditor. The audit scrutinized various aspects of operations, including data encryption, access controls, incident response procedures, risk plans, emergency response and vendor management practices.

The significance of SOC II Type 2 certification extends beyond regulatory compliance. It instills trust and confidence among stakeholders, including clients, partners and investors.

According to research by IBM and Ponemon Institute, nearly 30% of businesses will experience a data breach in the next two years. The ability to demonstrate robust security measures is a competitive differentiator. For Xolv, achieving SOC II Type 2 certification not only validates its commitment to data security but also positions it as a trusted partner in the behavioral health industry. It provides assurance to healthcare organizations and individuals alike that Xolv has implemented the necessary safeguards to protect sensitive information.

“Given the stringent HIPAA regulatory requirements and other industry standards we operate under, ensuring the confidentiality, integrity and availability of patient data for our customers is non-negotiable,” said Kiran Philipponnat, Senior Vice President of Product and Technology Operations. “As we grow and scale operations, maintaining a strong security posture will remain our top priority. This certification validates our experience and our past efforts while setting the stage for ongoing enhancements to our controls and practices.”