Netgain understands the critical importance of information protection to our clients and recognizes the contribution information security can make to their strategic initiatives and overall risk management. Netgain has adopted security controls and practices designed to protect the confidentiality, integrity, and availability of client information hosted within the Netgain Managed Information Technology-as-a-Service (ITaaS) environment and continually works to strengthen and improve those security controls and practices.
Netgain takes a holistic approach to information security, implementing multilayered defense where perimeter, network, endpoint, application, and data protection security practices and procedures complement each other.
Netgain has implemented an Information Security Management System (ISMS) based on the ISO/IEC 27001:2022, a globally recognized standard. The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented ISMS within the context of the organization’s overall business risks. It sets forth a risk-based approach focusing on adequate and proportionate security controls that protect information assets and give interested parties confidence, including our clients.
The Netgain ISMS supports the infrastructure and services used to manage the information assets, staff, processes, and technology behind the Netgain’s Managed Information Technology-as-a-Service (ITaaS) System.
In alignment with the International Standard on Assurance Engagements (ISAE No. 3402), the American Institute of Certified Public Accountants (AICPA) developed the Statement on Standards for Attestation Engagements 18 (SSAE18), Service Organization Controls (SOC) suite of services. The SOC2 report is intended to provide information about a service organization’s system relevant to selected AICPA Trust Services Criteria (security, availability, processing integrity, confidentiality, or privacy). It enables report users to assess and address potential risks related to their relationship with that organization. It also offers assurance to service organizations and users that system controls reasonably protect the confidentiality and privacy of user information processed by the system.
An SSAE18-SOC2 report reflects a service auditor’s attestation (opinion) regarding a service organization’s description of its system and the suitability of the design of its controls with respect to applicable Trust Services Criteria. An SSAE18-SOC2 examination results in a report that provides a useful and standard way of understanding an organization’s oversight, corporate governance, supply chain management, and risk management processes.
An SSAE18-SOC2-Type II report addresses the operational effectiveness of controls over a specified review period in addition to the system description and suitability of control design.
Clients may request a copy of the Netgain SSAE18-SOC2-Type II report by contacting their Netgain Sales Representative or designated Netgain account contact.
Our security team is dedicated to tracking the latest cybersecurity threats and deploying evasive strategies to keep your data secure. We take on the responsibility of protecting your sensitive data. Each year, we go through rigorous, external security audits to ensure our physical environment, as well as our processes and procedures, are in line with what’s needed to protect our clients’ data. We are SSAE 18-certified and we constantly review the latest cybersecurity and compliance protocols.
Sue Wilkus | Director of Information Systems | Colon and Rectal Surgery Associates
Read moreAll case studies
