Following a thorough assessment of its security controls and processes—as well as business operations protocols, data protection systems, and more—Murj achieved SOC 2 compliance for 2024. This independent audit validates the design and operating effectiveness of Murj’s efforts related to data security, integrity, and privacy within its cardiac device management platform.
What is SOC 2?
Systems and organization controls (SOC) 2, a globally-recognized audit overseen by the American Institute of Certified Public Accountants (AICPA), ensures service organizations—particularly cloud-based ones—maintain a secure environment for managing and protecting sensitive data.
Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how a company implements and manages controls to mitigate identified risks to the different parts of its organization. The audit framework is based on the AICPA’s Trust Services Criteria (TSC).
In order to pass a SOC 2 examination and receive a letter of attestation, an organization must demonstrate that it has implemented controls in information security, access control, vendor management, system backup, business continuity, disaster relief, and more.
Why CIED clinics should partner with SOC 2-compliant vendors
In the world of CIED management, trust is non-negotiable. Healthcare providers rely on technology vendors to handle highly sensitive patient data, making robust security practices essential. Choosing a SOC 2-compliant vendor offers a significant level of assurance. This globally recognized audit, conducted according to AICPA standards, verifies that the vendor has established and maintains effective controls to protect data. SOC 2 compliance demonstrates a commitment to safeguarding information against unauthorized access, disclosure, and system disruptions in alignment with the AICPA’s TSC.
Murj and SOC 2
Robust security is fundamental to our engineering and design process, and our consistent achievement of SOC 2 compliance demonstrates our dedication to continuously improving and maintaining the highest security standards for our platform.
Reed Gaither, Co-founder and COO
Data safety and security is top of mind at Murj. The company invests heavily in a secure cloud infrastructure that is monitored and maintained 24/7, ensuring patient information is protected at all times. A big part of this investment is Murj’s commitment to ensuring its security practices are in line with the latest professional standards.
In 2024, Murj successfully completed a SOC 2 audit for the sixth consecutive year. This analysis validates Murj software as a safe and secure cardiac device management solution.
A-LIGN, a trusted security and compliance organization, has conducted all of Murj’s SOC 2 audits since 2019.
About A-LIGN
A-LIGN is a leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST, and a top three FedRAMP assessor.
Security is a priority
Murj takes no shortcuts in protecting the safety and security of clinic patient data. Want to learn more about our platform security? Connect with us today.
