Some healthcare organizations will accept an independent audit report in lieu of a vendor completing an assessment questionnaire. The most commonly accepted type of audit report for assessing a vendor's security posture is a SOC 2 Type II report. This infographic covers the key elements to review.