ScImage Successfully Completes Its SOC 2 Type 1 Report

Certification Boosts ScImage’s Security Posture

Partner News | Published: Friday, June 3, 2022

ScImage, Inc., a leading provider of cloud-centric enterprise imaging, PACS, and image exchange solutions for the healthcare industry, announced today it has successfully completed its SOC 2 Type 1 report, in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA). The achievements underscore ScImage’s commitment to strong internal controls.

SOC 2 is an internationally recognized compliance standard for service organizations, developed by the AICPA (American Institute of CPAs), which specifies how companies should manage and maintain customer data.

Many companies put software into a hosted environment, such as MS Azure, Amazon Web Services, and Google, relying solely on the host’s security strategy, said ScImage’s President and CEO, Sai Raya, PhD.

“SOC 2 Type 1 report for PICOM365 Cloud Enterprise Imaging Services system allows ScImage to demonstrate that we are successfully merging the wealth of security and monitoring features built into the MS Azure platform with our own specific controls and information security wisdom acquired over decades of experience. ScImage is fully committed to the principles of security, confidentiality, and availability,” he said.
Dr. Raya noted that ScImage has been seeing an increase in the number of security documentation requests as the healthcare industry transitions from on-premise to Cloud-based workflow.

ScImage is not new to compliance initiatives. The company’s PicomEnterprise software suite is an FDA 510k approved medical device, and ScImage was granted a Risk Management Framework (RMF)-based Authority to Operate (ATO) authorized by the Defense Health Agency (DHA) in 2017.

“The formal SOC 2 report path, including independent 3PAO audits, is an attestation that ScImage will continue to grow our established service commitments, system requirements, and corporate policies to not only meet, but exceed our valued customers’ and partners’ expectations,” he concluded.

The effort was completed by the professional and independent third-party cybersecurity and compliance audit firm, 360 Advanced, Inc.

About ScImage

Founded in 1993, ScImage remains a private, customer-first company with a mission to provide innovative enterprise imaging solutions to the healthcare industry. ScImage’s unique single-database PICOM365 enterprise platform delivers end-to-end imaging workflow for Cardiology, Radiology, Women’s Health, Orthopedics, Ophthalmology and more. Scalable from a single physician practice to a multi-hospital enterprise, PICOM365 is customizable and can be delivered on-premise, in the Cloud, or as a hybrid. The perfect synchrony created between on-site and Cloud resources allows PICOM365 to provide secure VPN-less image exchange solutions among legacy silo systems, Cloud users, and various EHR systems. Learn more at

About 360

360 Advanced is “Making Better Businesses” through their national Cybersecurity and Compliance offerings. Services provided include SOC 1, SOC 2, SOC 3, SOC for Cybersecurity, CSA STAR, HIPAA/HITECH, ISO 27001, CMMC, PCI-DSS, HITRUST CSF, Microsoft SSPA Attestation, Penetration Testing, GDPR, CCPA and more. In certain states, 360 Advanced may operate under the name of Hiestand, Brand, Loughran, P.A. to meet State Board of Accountancy requirements. To learn more about 360 Advanced, visit

This site uses cookies to improve your experience.

By continuing to use our site, you agree to our Cookie Policy, Privacy Policy and Terms of Use.