Bluefin is now SOC 2 Compliant

We’re excited to share that Bluefin is now SOC 2 compliant!

By achieving SOC 2 compliance, we’re ensuring that our customers’ sensitive data is protected with the highest standards of security, giving them peace of mind as they focus on critical work. Maintaining data security and protecting our customer’s information is the highest priority for our team. We’re thrilled to celebrate this milestone, not just as a testament to our team’s efforts, but as a promise to our customers that their trust is well-placed.

What is SOC 2?

SOC 2 is a compliance framework governed by the American Institute of Certified Public Accountants (AICPA). During a SOC 2 audit, an independent service auditor reviews an organization’s policies, procedures, and evidence to determine if their control are operating effectively. The SOC 2 report communicates a company’s commitment to data security and protection of customer information.

Why SOC 2 matters

Bluefin recognizes the responsibility we have to our customers to maintain a high degree of data security and protection of customer information. We recognized that, as a company operating in the clinical trial space, it was important for us to pursue SOC 2 compliance as early as possible. Pursing compliance gave us a framework to mitigate risks early & on an ongoing basis for our customers. In this space, we don’t believe it’s just best practice, but a necessity to ensure trust and integrity.

Challenges & Preparation

One of the challenges we faced was finding the time to align our internal processes with SOC 2 requirements. Preparing for the audit required dedicated time and focus from our team. We implemented controls and collected the necessary evidence to showcase compliance. We also took the time to align our security review processes with the requirements of SOC 2. Security and compliance are continuous processes in an organization, and must be prioritized not just at audit time, but continually throughout day-to-day tasks.

Our Partners

Our compliance partners, Vanta & Advantage Partners, streamlined the process of achieving compliance. Vanta gave us the tools we needed to automatically and continually monitor our infrastructure. We were able to integrate our systems to get guidance and feedback on what to improve to become audit-ready. Advantage Partners provided plenty of guidance throughout. After we prepared our controls and evidence in Vanta, Advantage Partners were able to review our systems and issue a SOC 2 report. Now that we have controls implemented, subsequent SOC 2 audits will be even more seamless.

Looking Ahead

This is a significant milestone for our company, but it’s just the beginning. As said before, security & compliance are a continuous process, and we take the responsibility to our customers seriously. We will continue to prioritize security as a core piece of our operations as we move forward.

Clinical supply platforms are a necessary piece of running successful clinical trials. If you need a modern platform for clinical supplies, offered by a company that takes your data security seriously, look no further than Bluefin.