Trust Your Supplier (TYS) Completes SOC Examinations for Fourth Consecutive Year

In the fast-paced landscape of business operations, the secure exchange of information stands as a cornerstone of success across all industries. Cybersecurity, confidentiality, and data privacy remain paramount concerns, particularly in the realm of document exchanges and data transfers. Trust Your Supplier (TYS), a flagship initiative under the purview of Chainyard, acknowledges the critical nature of these issues within its network of participants. To bolster this commitment, TYS and Chainyard proudly announce the successful completion of SOC 1 & SOC 2 Type 2 examinations for the fourth consecutive year with no exceptions, reaffirming its dedication to meeting the most stringent data security requirements.

The examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 4,000 global organizations to help mitigate cybersecurity risks.

What is a SOC 2 report?
A SOC 2 report addresses risks associated with the handling and access of data, and can be used by a variety of organizations of any size (e.g. SaaS, colocation, data hosting, etc.). Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate the identified risks to the different parts of an organization.
The SOC 2 audit testing framework is based on the Trust Services Criteria (TSC), which are used to identify various risks (points of focus) an organization should consider addressing. Based on the TSCs the organization selects to be in scope, the third-party compliance and audit firm evaluates whether the organization has the appropriate policies, procedures and controls in place to manage the identified risks effectively.

Passing a SOC 2 examination and receiving a letter of attestation means an organization is addressing controls in areas such as information security, access control, vendor management, system backup, business continuity and disaster relief, and more.

Trust Your Supplier & Chainyard perform SOC 1 and SOC 2 audits on an annual basis and reports are available to current clients upon request and to potential clients upon execution of a non-disclosure agreement. If you are interested in viewing these SOC reports, please contact us.

Mitigating Cyberattack Fallout

How Trust Your Supplier Could Safeguard Pharmacy Operations

by Michelle Armstrong, TYS Global VP of Value Solutions Consultant

In the wake of the recent cyberattack disrupting US pharmacies’ prescription filling processes, it’s evident that the healthcare sector remains vulnerable to digital threats. The incident, as reported by major news agencies, underscores the critical need for robust cybersecurity measures to protect sensitive patient data and ensure uninterrupted healthcare services.

The cyberattack, which targeted a major supplier, has caused significant delays in prescription filling across numerous pharmacies nationwide. Such disruptions not only inconvenience patients but also pose serious risks to their health, particularly for those dependent on timely medication refills.

Amidst this tumultuous landscape, Trust Your Supplier (TYS) emerges as a beacon of hope for pharmacies striving to fortify their supply chain resilience and security protocols. TYS, a blockchain-based platform designed to enhance supplier qualification processes, offers several key advantages in mitigating the aftermath of cyberattacks:

1. Verified Supplier Networks: Trust Your Supplier leverages blockchain technology to establish a trusted network of suppliers vetted through stringent qualification processes. By onboarding verified suppliers, pharmacies can minimize the risk of engaging with potentially compromised entities, thereby safeguarding their supply chain integrity.

2. Enhanced Transparency and Traceability: With Trust Your Supplier, pharmacies gain unprecedented visibility into their supplier ecosystem. The platform facilitates transparent communication channels and real-time tracking of transactions, allowing pharmacies to identify and address vulnerabilities promptly. By fostering transparency and traceability, TYS empowers pharmacies to proactively mitigate cyber threats and respond effectively to disruptions.

3. Immutable Data Integrity: The immutable nature of blockchain ensures the integrity and immutability of critical data stored on the Trust Your Supplier platform. By leveraging blockchain’s tamper-resistant architecture, pharmacies can trust the accuracy and reliability of supplier information, mitigating the risk of data breaches and unauthorized access.

4. Streamlined Compliance Management: Trust Your Supplier simplifies compliance management by standardizing supplier qualification processes and documentation. Pharmacies can effortlessly verify suppliers’ compliance with regulatory requirements and industry standards, thereby reducing the likelihood of regulatory violations and associated penalties.

5. Resilient Supply Chain Operations: In the face of cyberattacks and other disruptions, Trust Your Supplier enables pharmacies to maintain continuity in their supply chain operations. By leveraging blockchain’s decentralized architecture, TYS mitigates the single point of failure inherent in traditional supply chain systems, ensuring uninterrupted access to critical medications and healthcare supplies.

In conclusion, the recent cyberattack targeting US pharmacies underscores the urgent need for proactive cybersecurity measures and resilient supply chain solutions. Trust Your Supplier offers pharmacies a comprehensive framework for enhancing supply chain security, fostering trust among stakeholders, and safeguarding patient well-being in an increasingly digital healthcare landscape. By embracing innovative technologies like blockchain, pharmacies can navigate the challenges of cyber threats with confidence and resilience, ensuring the uninterrupted delivery of essential healthcare services to those who depend on them most.

Discover how Trust Your Supplier can revolutionize your supply chain security. Contact us today to learn more or to schedule a demo. 

Unveiling the Hidden Force Behind Trust Your Supplier’s Flawless SOC Compliance

Within the perpetually transforming sphere of technology and cybersecurity, it’s rare for a person’s influence to be so deeply felt, particularly when their role primarily occurs behind the scenes. Ravinder (Ravi) Sabhikhi, a Compliance Security Consultant (CSC) for Trust Your Supplier (TYS), is one such individual. Having maintained the company’s SOC compliance with no exceptions for three consecutive years, Ravi’s dedication and expertise have been instrumental in ensuring the highest security and data privacy standards for Trust Your Supplier’s clients. 

A Rich Background in Technology and Business Development

Being awarded Employee of the Month at Trust Your Supplier in June 2023 highlights Ravi’s impressive repertoire of extensive experience and diverse skillset. His expertise has been refined through an illustrious background in cloud solutions, IoT solutions, advanced analytics, system solutions application deployment, technology planning, business development, and more across prominent organizations. 

Ravi’s journey began when he moved from India to the United States after high school, with limited English skills. Despite the challenges he faced, Ravi persevered with the support of exceptional mentors and a remarkable work ethic. He pursued his education while working in the evenings, ultimately obtaining an undergraduate degree in computer science, a master’s in computer studies, and an MBA—all while employed. His determination and hard work allowed him to realize his own American Dream. 

During his tenure as a Distinguished Engineer at IBM, Ravi collaborated with industry leaders on the strategy, architecture, and development of cutting-edge solutions using state-of-the-art technology. His significant contributions to both the company and the industry are evident, as are his multiple patents that demonstrate his credibility and expertise. 

At Tata Consultancy Services, Ravi served as the Innovation Lead in the pharmaceutical industry, where he analyzed emerging technologies and trends to enhance operational efficiency and reduce costs. As the Vice President of Sales and Channel Strategy, he revitalized sales with a focus on the banking and financial sectors, further showcasing his ability to deliver results and create a business impact for customers. 

Ravi’s international experience is equally impressive, having worked with clients worldwide and demonstrating a keen understanding of diverse cultural communication. This global exposure has undoubtedly contributed to his proven track record in relationship-building and problem-solving. 

Trust Your Supplier’s Unwavering Commitment to Security and Compliance

Under Ravi’s vigilant supervision, Trust Your Supplier has consistently completed the TYPE 2 SOC 1 and TYPE 2 SOC 2 audits without exceptions, reflecting our unwavering commitment to client information security and data privacy. This annual accomplishment serves as evidence of the rigorous standards and initiatives that make TYS a dependable partner to our clients. 

Ravi’s expertise in security is further emphasized by his understanding of the intrinsic link between blockchain technology and security. A secure environment and comprehensive training have become ingrained in TYS’s DNA, ensuring the highest level of protection for their clients’ data. 

Outside of his professional life, Ravi cherishes time with his family, including his wife of 44 years (!), two children, and various hobbies such as walking, exercising, and playing racquetball. His positive attitude and dedication to his work make every day enjoyable as he collaborates with nearly every department within the company on various projects and activities. 

With Ravi continuing to excel in his role, TYS clients can rest assured that their sensitive data is in the hands of a skilled and dedicated professional committed to upholding the highest security and compliance standards. 

To learn more about Trust Your Supplier’s dedication to data security and ongoing commitment to SOC compliance, visit https://trustyoursupplier.com/resources/data-security/. 

SOC Reports Show Trust Your Supplier and Chainyard’s Commitment to Data Privacy

By Ravi Sabhikhi 

The exchange of information is crucial to business operations across all industries. Cyber security, confidentiality and data privacy are common concerns with document exchanges and other forms of data transfer. Trust Your Supplier (TYS), owned & operated by the blockchain services and solutions company Chainyard, recognizes that these issues are critical to network participants. In response, Chainyard has successfully completed SOC 1 & SOC 2 Type 2 examinations to further cement our commitment to meeting the utmost in data security requirements. 

At Chainyard, data security and data privacy are in our DNA. We ensure our clients’ security concerns are addressed across multiple areas. Chainyard built TYS, one of the largest supplier discovery and information management permissioned blockchain solutions, using a Hyperledger Fabric framework. This adds protection to the network by safeguarding the digital keys that access the data. 

Deployed on the IBM Public Cloud using the IBM Blockchain Platform, TYS adheres to all IBM Data Center security policies. The TYS production team also runs daily vulnerability scans along with minute-to-minute logs and can generate system alerts for any anomaly, notifying the appropriate people to take immediate action as required. These defined processes using state-of-the-art technologies ensure Chainyard protects its devices and network against cyber attacks.

On the development side, the TYS team uses an Agile SDLC process where every user story is documented, and security concerns are addressed before each release of the TYS application.  

At Chainyard we constantly monitor and adapt to the evolving and increasingly complex privacy landscape. The public awareness of privacy has grown over the past few years and was an instrumental factor in passing legislation such as the California Consumer Privacy Act of 2018 (CCPA), and more recently, the California Privacy Rights Act of 2020 (CPRA). While Europe has led the way with GDPR compliance, more states and countries are developing their own data privacy laws, such as South Africa’s Protection of Personal Information Act (often called the POPI Act or POPIA). 

The TYS SaaS application is GDPR, POPIA, and CCPA compliant, with policies and procedures in place for data encryption in motion and at rest. Penetration tests (PEN tests) are performed multiple times a year by IBM X-Force Red in order to discover any security gaps and data vulnerabilities and to perform security checks on the web interface and other access interfaces. All PEN test findings are reported and fixed in priority order, as required by their severity level. PEN test reports are available upon customer request.

Chainyard continues to demonstrate its strong focus on the privacy and security of our clients’ data by proactively and successfully completing Type 2 SOC 1 and SOC 2 examinations this year. This allows our clients to maintain peace of mind as they focus on improving lives and reducing costs. Mohan Venkataraman, Chainyard CTO, added that “our recent SOC 1 & SOC 2 certification is only one aspect of our growing infrastructure security program that includes, among other things, ongoing data privacy and confidentiality enhancements and platform security improvements to guard against cyber security threats”.

Established by the American Institute of Certified Public Accountants (AICPA), SOC 1 and SOC 2 examinations are designed for organizations across all industries and scope to ensure the personal and business assets of their potential and existing customers are protected. SOC 1 and SOC 2 reports are recognized globally and affirm that a company’s infrastructure, software, people, data, policies, procedures, and operations have been formally audited by a third party.  Chainyard’s SOC exams were led by A-LIGN ASSURANCE (A-LIGN), an independent auditing firm focused on industry-leading security and compliance, and trusted by more than 2,500 global organizations.  

A-LIGN’s Type 2 SOC 1 and SOC 2 audits of Chainyard’s infrastructure and internal processes revealed no exceptions, affirming that our company’s security policies, data protection, and privacy protocols meet or exceed the highest industry standards. These SOC examinations reinforce Chainyard’s commitment to information confidentiality and data security on the Trust Your Supplier network, and we plan to continue maintaining and re-evaluating our policies and measures to maintain this standard of excellence.  

Chainyard will perform SOC 1 and SOC 2 audits on an annual basis and make the reports available to current clients upon request and to potential clients upon execution of a non-disclosure agreement. If you are interested in viewing these SOC reports, please contact us.