Catalytic has Successfully Completed both SOC 2 and HIPAA Attestation Examinations

Meg LaVelle

Meg LaVelle


· 2 min read

compliance SOC2

We are proud to announce that we have successfully completed our SOC 2 Type 1 and HIPAA attestation examinations!

But what does this really mean? Let’s talk about SOC 2. You might have noticed that your customers love to ask if you are ‘SOC 2 compliant,’ but you might not really know what that means. Or maybe you are the one that asks your vendors this question. You might just know that somewhere down the line, your security team is going to need a copy of the report. First of all, ‘SOC’ stands for Service Organization Controls. This is one of the most widely recognized sets of standards for security. One of the main motivations behind us reaching this goal at Catalytic was our customers, as SOC 2 is highly valued (and in some cases, required) by companies of all sizes and industries. Equally important was our management’s dedication to excellence and quality. For a 3 year old start up, we are lucky to have a team that values security and knows the importance of having a strong compliance framework.

Our audit reports describe our systems, and tell us that our internal controls are suitably designed. They help the reader learn about and trust us, and they demonstrate that we have policies and procedures in place to ensure we are maintaining a secure environment while keeping our commitments to our customers.

We are happy that our reports have a clean auditor’s opinion; but to take it a step further, we actually did not have any exceptions, or findings, on our final reports! As an auditor with about 8 years experience under my belt, I know that this is pretty rare. We can attribute this excellent result to our approach of investing in security early, and to a thorough audit readiness assessment that our compliance team worked very hard to prepare for.

In the words of our auditors: “Catalytic was very proactive in engaging with our team throughout their readiness preparation and diligently leveraged our planning guidance that paved the way for a well-orchestrated and successful examination. Coupled with their promotion and desire for a strong internal control environment, Schellman was able to conduct multiple assessments seamlessly and effectively.” -Rob Tylka, Senior Manager at Schellman & Company, LLC

This is an important milestone for Catalytic and we are excited to move forward with our security program - we also can’t wait to continue to share what we’re learning along the way!

Read Next

Trees -- Meet Forest.

I have met and worked with dozens of companies that hope to use machine learning in a meaningful way to improve their business operations. Almost all of them are lost in the details of the science experiment of getting the technology to work. And this misses the key larger issue – the need to conduct business experiments on how to get this technology to work to improve business operations.