Security is our Foundation: What SOC 2 Type II Means for HOPPR

By Trever Falconi, Director, IT Security and Operations at HOPPR

If you build technology in healthcare, protecting sensitive data isn’t optional. It’s a fundamental responsibility. 

Healthcare AI systems handle highly sensitive information, including the medical imaging data used to develop and evaluate AI models. Safeguarding that data requires more than written policies or security tooling. It requires disciplined operational practices and controls that stand up to independent scrutiny. 

Our work toward that standard reached an important milestone when HOPPR achieved SOC 2 Type II attestation, independent validation that the security controls supporting HOPPR products and services are appropriately designed and operating effectively over time. 

Security has shaped how we build and operate HOPPR from the beginning. 

SOC 2 Type II attestation reflects the operational discipline and security program behind how our products and services are developed, managed, and maintained. 

What SOC 2 Type II Represents: 

SOC 2 Type II is an independent auditing framework developed by the American Institute of Certified Public Accountants (AICPA) that evaluates how organizations manage and safeguard systems and data through defined operational controls.

A SOC 2 Type I assessment evaluates whether an organization has designed and implemented appropriate security controls at a specific point in time.

A SOC 2 Type II attestation goes significantly further. It evaluates whether those controls operate effectively over an extended observation period, providing evidence that security practices function consistently in day-to-day operations.

In other words, it evaluates not just how controls are designed, but whether they operate reliably in real operational conditions over time.  

The SOC 2 Type II attestation covers the systems and operational processes that support HOPPR products and services. Independent auditors evaluated both the design and operating effectiveness of the controls we use to safeguard our environment, providing third-party validation that these processes function as intended over time.  

Security as an Operational Discipline: 

Security programs are sometimes described in terms of tools, policies, or frameworks. In practice, security is less about any single control and more about how an organization operates.  

Security at HOPPR is treated as an operational discipline that informs how we build and maintain our products and services. This includes structured access management, defined operational procedures, vendor oversight, internal governance, incident response preparedness, and continuous monitoring of our systems and environment.  

Just as important is the principle that security must evolve as new capabilities, customers, and infrastructure are introduced. Maintaining a strong security posture requires continuous evaluation and improvement. 

SOC 2 Type II attestation reflects that ongoing work. It validates that the processes supporting HOPPR's offerings are functioning as intended under real operational conditions.  

Security practices are continuously reviewed and improved as our platform, services, and customer base evolve, allowing us to expand our controls while maintaining operational discipline and transparency. 

Why Security Matters in Healthcare AI:

The development of AI systems for medical imaging introduces unique responsibilities.  

Organizations building these technologies rely on large datasets, complex infrastructure, and collaboration across research and commercial environments. Ensuring that these systems operate within secure and well-governed environments is essential for protecting sensitive data and maintaining trust across the healthcare ecosystem.  

In practice, that means building infrastructure designed to support developers, researchers, and healthcare technology organizations working with sensitive medical imaging data in a controlled and traceable environment. 

Security controls, monitoring practices, and operational governance all contribute to that goal. 

Security is a Shared Responsibility:

One of the things I'm most proud of at HOPPR is that security isn't confined to a single team.  

In many organizations, security operates as a silo or is viewed as a barrier to innovation. At HOPPR, teams across the company understand that trust is foundational, especially in healthcare AI. Engineering practices, infrastructure management, employee awareness, and leadership engagement all contribute to maintaining a secure environment.

Security considerations are integrated into engineering, infrastructure, and operational workflows. Our teams treat security awareness as part of the day-to-day discipline of building reliable systems.  

This shared responsibility strengthens our ability to protect the data entrusted to us.  

Security is a Continuous Commitment:

SOC 2 Type II attestation represents an important point in the evolution of HOPPR’s security program, but security itself is never a static achievement.

Threat landscapes evolve. Infrastructure changes. New technologies introduce new risks and opportunities. Maintaining a strong security posture requires constant attention and disciplined operational practices. 

SOC 2 Type II is one step in an ongoing process of strengthening our security program as products evolve and new capabilities are introduced. 

Our focus remains on strengthening the operational practices that support HOPPR offerings and ensuring that organizations developing AI in medical imaging can rely on infrastructure designed with security and accountability in mind. 

What This Means for Our Customers and Partners: 

Security programs are often invisible when they are functioning well. They are reflected in disciplined processes, consistent practices, and teams that take responsibility seriously. 

Achieving SOC 2 Type II attestation required collaboration across the entire organization. It reflects the commitment of teams who understand that building trustworthy infrastructure requires patience, rigor, and ongoing attention. 

For the organizations that rely on HOPPR as part of their AI development environment, that work matters. Protecting the systems and data that support healthcare innovation requires constant attention, disciplined processes, and teams committed to doing the work the right way. That commitment will continue to guide how we build and operate HOPPR. 

______________ 

SOC 2 is an independent auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
