Privacy and Security
Committed to safeguarding data
Because of the private nature of the information in ISO ClaimSearch®, ISO has taken precautions to restrict access and promote security. The operation of ISO ClaimSearch complies with federal and state privacy legislation as applicable.
Governing policy requirements
Governing policy requirements
- Only authorized individuals within appropriate entities can access and use the data.
- Users must access and use the information in a manner consistent with laws and regulations.
- Information must be secure from damage and destruction.
- The system must have procedures to audit the access and use of database information.
- Users violating the policy face sanctions commensurate with the violation.
How we test controls using third-party auditors
ISO ClaimSearch reviews the effectiveness of its controls over security, availability, processing integrity, confidentiality, and privacy via SOC reports based on the principles in the American Institute of Certified Public Accountants (AICPA) TSP Section 100, Trust Services Principles for Security, Availability, Processing Integrity, Confidentiality, and Privacy. ISO ClaimSearch maintains a SOC 2 report mapped to the most current HITRUST controls within the reporting period. ISO ClaimSearch also maintains a SOC 3 report. The SOC 2 Type 2 report is available to current and prospective customers upon request. Please submit a request to ClaimSearchCompliance@iso.com. The SOC 3 report is available to the general public.