As we have stated previously…the “SOC 2 Type II Certification” of your case management operating system is often a decision variable in RFP proposals…and sometimes a pre-requisite to even bid.  More and more, prospective clients, particularly larger ones such as Insurance Companies, look for this designation as assurance that their important and confidential data, as well as the process itself, is secure and complete.


Thus, when a client RFP requests or necessitates “Soc 2 Type II System Certification”, you might be tempted to search and reach for anything that might appear to qualify (especially if the proposal means something to you).


Not all case management operating systems are CROSStrax™, which is “SOC 2 Type II Certified”.  To save you time in your efforts to comply, here however are some items that do NOT qualify so that you do not invest too many resources into an uphill battle or a doomed submission…


  • If, for example, Amazon Web Services (an excellent provider) is your service provider, because they are SOC 2 Type II Certified themselves does NOT mean that YOUR Operating Platform is certified. Again, the operating system you use needs to be certified.  A prospective client sophisticated enough to ask, will be sophisticated enough to know the difference.


  • Indicating that your operating system has all the requisite controls but is NOT CERTIFIED…is asking the prospective client to trust you. In the absence of a third-party (CPA firm) having comprehensively tested and certified your operating system, the client will NOT see that as the equivalent.  They asked for evidence of SOC 2 Type II Certification for a reason.


  • Saying you are “planning” on getting certified is not the equivalent of BEING CERTIFIED – don’t be surprised if they are not willing to wait.


The GOOD NEWS once again…CROSStrax is SOC 2 Type II Certified.  If CROSStrax is your operating platform, rest easy and “check” that box.


We at CROSStrax would be happy to discuss how our secure case management system can help you.