OVERVIEW
MD Ally maintains a security and compliance program designed to protect the confidentiality, integrity, and availability of the systems and data used to support its services. As part of this program, MD Ally has completed multiple independent SOC 2 Type II examinations conducted by nationally recognized audit firms that specialize in cybersecurity, privacy, and compliance assessments for healthcare and technology organizations.
SOC 2 examinations evaluate an organization’s controls against the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). These criteria assess how organizations manage systems and data related to security, availability, and operational reliability.
Through these independent audits, MD Ally demonstrates that it maintains a structured control environment designed to support the secure operation of its platform and the protection of sensitive healthcare and public safety data.
SCOPE OF THE SOC 2 EXAMINATION
The SOC 2 Type II audit evaluates both the design and operating effectiveness of controls over a defined audit period. Independent auditors review how MD Ally manages operational and security risks associated with the systems used to deliver its services.
The examination includes controls across several operational areas, including:
• information security governance
• identity and access management
• infrastructure and system security
• monitoring and logging of system activity
• change management and software deployment controls
• risk management and security oversight processes
• incident detection and response procedures
• vendor and third-party risk management
The Type II designation means the independent auditor evaluates not only the design of these controls but also their effectiveness over time.
SECURITY & COMPLIANCE PROGRAM
MD Ally maintains a comprehensive security program designed for environments that handle sensitive healthcare and public safety data.
Operational safeguards may include:
• role-based authorization and access management
• identity verification and authentication controls
• encryption of sensitive information in transit and at rest where appropriate
• continuous monitoring of system activity and security events
• system logging and audit trail capabilities
• formal processes for change management and system updates
• security incident detection, response, and remediation procedures
MD Ally’s systems operate within a secure cloud infrastructure designed to support HIPAA compliance and SOC 2 audited security controls.
The organization maintains policies and operational practices that guide how systems are deployed, monitored, and maintained. These practices are supported through documented security procedures, system configuration standards, and governance processes that help manage risk and protect sensitive information.
Security controls are reviewed as part of ongoing risk management and operational oversight activities to support the reliability and security of the MD Ally platform.
INDEPENDENT AUDIT HISTORY
MD Ally undergoes annual SOC 2 audits as part of its ongoing commitment to security and compliance.
Each examination is performed by an independent auditor who reviews the design and operation of controls within MD Ally’s environment over a defined reporting period. The audit process evaluates how the organization manages security controls, monitors operational activities, and maintains processes designed to support system integrity and data protection.
These recurring audits provide an external validation of MD Ally’s security practices and confirm that the organization maintains structured processes for managing access control, infrastructure protection, monitoring, and operational risk.
Regular third-party assessments help ensure that security controls continue to operate effectively as MD Ally’s technology platform, partner ecosystem, and operational environment evolve.
ACCESS TO THE SOC 2 REPORT
The full SOC 2 Type II report contains detailed descriptions of MD Ally’s systems, infrastructure, security controls, and independent auditor testing procedures. Because this report includes sensitive information about internal security architecture and control environments, it is not publicly distributed.
Current customers, public safety partners, and authorized organizations that maintain an active relationship with MD Ally may request access to the SOC 2 report for compliance or security review purposes.
To request access, please contact:
Requests should include:
• the requesting organization’s name
• the name and role of the individual requesting the report
• confirmation of an existing contractual or operational relationship with MD Ally
Prior to receiving the report, requestors may be asked to complete a confidentiality agreement or confirm authorization to access security documentation.
These controls help ensure that detailed security information is shared responsibly while still allowing partners to review the independent audit results.
COMMITMENT TO SECURITY
MD Ally recognizes that public safety agencies, healthcare providers, and government partners depend on reliable and secure technology systems.
SOC 2 examinations are one part of MD Ally’s broader security and compliance program. The organization also maintains operational governance processes designed to support responsible system management, protection of sensitive information, and oversight of security practices across its platform.
These practices support the secure delivery of services used by healthcare providers, municipalities, emergency communications centers, and EMS agencies. The combination of recurring independent audits, HIPAA safeguards, and internal governance processes helps maintain a strong security posture while supporting the operational reliability required for real-time public safety and healthcare environments.
MD Ally continues to evaluate and strengthen its security and compliance practices as its services expand and technology environments evolve.
