Advancing on its commitment to maintain the highest levels of security and data integrity for its customers, Ariadne Software® has reached another milestone of SOC 2 Type 1 attestation for its information security management system. The SOC 2 framework is designed to ensure that an organization can securely manage the data of the organization as well as its clients.
Lawrence, KS, Aug 5, 2022: On July 27, 2022, Ariadne Software® received its Service Organization Control (SOC) 2 Type 1 attestation report from IS Partners, an American Institution of Certified Public Accountants (AICPA) accredited body. “Building upon our commitment to offer a secure and compliant offering, the Ariadne team has received a SOC 2 Type 1 attestation in addition to the previously accomplished certification for ISO/IEC 27001:2013 framework and compliance with 21 CFR Part 11 guidance. While the policies, procedures, and security controls were already in place, the voluntary SOC 2 auditing process invites an accredited third-party to closely examine the measures in place and provide assurance to clients, who may require SOC 2 or ISO 27001 certifications as a prerequisite to consider a vendor,” shared Stephanie Pasas-Farmer, President and Founder of Ariadne Software.
A SOC 2 Type 1 report demonstrates sufficiency of an organization’s administrative, technical, and logical controls to address the Trust Service Criteria – controls outlined by AICPA for information security management systems. For SOC 2 audits, the Trust Service Criteria are categorized as Security, Confidentiality, Availability, Processing Integrity and Privacy, where Security is the mandatory criterion for all organizations undergoing SOC 2 audits. While a Type 1 audit focuses on point-in-time evidence, a Type 2 audit entails evidence collected over a period – a minimum of 3 months.
The scope of Ariadne’s Type 1 audit covered Security, Confidentiality, and Processing Integrity of Ariadne’s ISMS. The decision to exclude Availability and Privacy from the audit was calculated and rational. Ariadne’s premier software, Red Thread®, uses Amazon Web Services (AWS) as a sub-service organization for infrastructure and compute resources. AWS has its own SOC 2 Type 2 report that includes Availability, thereby providing assurance of its compliance with best practices. Additionally, Red Thread is not exposed to any private patient information and is designed to delete the client’s input report/data file after processing, thereby not holding onto client data/reports. These facts guided our judgment to opt out of Availability and Privacy.
During the audit, Ariadne demonstrated sufficient implementation of controls in compliance with Security, Confidentiality, and Processing Integrity through walkthroughs and evidence collection. As an ongoing effort, we will accomplish our ISO 27001 recertification as well as SOC 2 Type 2 attestation in the coming year.
About Ariadne Software
Ariadne Software® applies artificial intelligence solutions to bioanalytical data to accelerate data review and offer unprecedented levels of sensitivity and granularity for precision bioanalysis. The company was founded on the belief that the right tools paired with bioanalytical expertise can help biopharmaceutical scientists better identify and predict risk early in drug development, while accelerating drug development timelines and delivering treatments to the patients who need them most.