Medac Inc. Achieves SOC 2 Type 1 Data Security Compliance; Demonstrates Ongoing Dedication to Secure Client Data

Eric Seward March 2, 2016

    Medac Inc., a medical business management services provider, has successfully completed the Service Organization Control 2 (SOC 2) Type 1 examination under AT Section 101. Completion of the SOC 2 Type 1 examination is widely recognized because it represents that a service organization has been through an evaluation of its control activities as they relate to the applicable Trust Services Principles and Criteria.

    The SOC 2 Type 1, developed by the American Institute of Certified Public Accountants (AICPA), is the most widely recognized authoritative guidance that provides service organizations a uniform method for disclosing independently assessed information about the design and operation of internal controls related to their services.

    Companies who complete an annual SOC 2 examination are able to demonstrate a substantially higher level of assurance and operational visibility than those companies that do not.

    “The SOC 2 Type 1 process is vital to Medac’s security and controls posture,” said Bellinger Moody, Medac’s Chief Executive Officer. “It provides an outside validation for our clients, vendors, and boards of directors that we are committed to excellence as we continue to grow.”

    The SOC 2 Type 1 examination demonstrates a company’s continued commitment to create and maintain the most stringent controls needed to ensure the highest quality and security of services provided to their customers. The five control principles are:

    • Security: The system is protected against unauthorized access, use, or modification.
    • Availability: The system is available for operation and use as committed or agreed.
    • Processing Integrity: System processing is complete, accurate, timely, and authorized.
    • Confidentiality: Information designated as confidential is protected as committed or agreed.
    • Privacy: The privacy principle addresses the system’s collection, use, retention, disclosure, and disposal of information.

    The demanding third-party examination that led to compliance with the data security standards was administered by the professional audit staff at 360 Advanced, a national Qualified Security Assessor and Certified Public Accountant firm based in Tampa, FL.

    The Service Auditors’ Report includes a detailed description of Medac Inc.’s controls and an independent assessment of whether the controls are placed in operation and suitably designed. For any further questions, please contact Sam Bruce, PMP, CISM, CSM, CSSGB at Medac.


    Medac is an anesthesia practice management and medical billing company with over 500 employees with its main operations center in North Augusta, SC. Medac uses proprietary technology to process government, patient and insurance claims for anesthesia groups to improve financial performance and reduce compliance risk. mpliance services.