Beacon Health closes two SOC 2 evidence gaps with PulseText

Beacon Health runs a 30-agent telehealth support team handling appointment confirmations, prescription pickups, and clinical follow-up via SMS. Their previous setup — a small group of agents sharing a single provider login — failed during their SOC 2 audit. The auditors flagged two specific evidence gaps: no per-message attribution, and no formal workflow for granting SMS access to new staff.

Beacon evaluated three options. Two required custom internal tooling and a six-month build. PulseText was the only one that shipped the audit and access-management features they needed out of the box.

The audit log was the first win. Every meaningful action — sign-ins, message sends, role changes, access decisions — landed in a filterable feed scoped to admins only. Beacon's compliance lead now exports that feed quarterly as part of their controls review. "The SOC 2 control around access provisioning was a check-box for us within a week of launching PulseText," said Marcus Webb, the support lead.

The second win was the access-request workflow. New patient-support agents no longer wait for an admin to manually assign numbers. They open Settings → Access requests, pick the number they need, leave a short justification, and an admin approves in one click. Every transition is logged, including the optional admin note — exactly what the auditor asked for.

Beacon now runs zero shared credentials across the support floor. The role-based UI keeps agents from accidentally seeing audit-log content meant for admins, and the workspace switcher lets the dual-licensed team move between Beacon's two regional workspaces without ever crossing data scopes.