BELLEVUE, Wash.– March 30, 2022 – Truveta, the health system-led company with a vision of saving lives with data, today announced that it has obtained an ISO 27001 certification, with the ISO 27701 and ISO 27018 extensions.  This certification underscores Truveta’s commitments to security, privacy, and trust. The certifications were performed by an independent and third-party ANSI National Accreditation Board (ANAB) accredited assessor, Schellman & Company, LLC. Truveta also completed Type 1 SOC 2 examination, which is a compliance standard developed and governed by the American Institute of CPAs (AICPA).

Obtaining this ISO certification and completing the Type 1 SOC 2 examination serves as external validation that Truveta’s controls, protocols and processes align with rigorous standards for both security and privacy.

“Truveta’s vision is saving lives with data. Trust is at the very foundation of that vision, as there is no data more personal than healthcare data,” said Oscar Papel, chief information security officer and vice president of engineering, Truveta. “To earn and maintain that trust, we have invested deeply in the most advanced security and privacy standards to manage and protect de-identified patient data in the Truveta platform. We are proud of these achievements as evidence of our relentless commitment to security and privacy.”

“Truveta’s ISO certification and SOC 2 examination validate the security and privacy measures Truveta has put in place to care for our patients’ data,” said Preston Jennings, vice president of information security and chief information security officer at Trinity Health. “I am impressed at the speed with which Truveta has earned this recognition, which is a reinforcement of their commitment to trust and the technology investments they’ve made.”

The ISO 27001 and ISO 27018 are the standards for information technology security management systems and protection of personally identifiable information in public clouds, respectively. The ISO 27018 certificate compliments the former. The ISO 27701 certificate speaks to the company’s privacy controls and is also an extension of ISO 27001.

The SOC 2 security category specifies how software is protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems.

About Truveta

Truveta is the world’s first health system-led data platform with a vision of Saving Lives with Data. Through partnerships with 20 innovative health system members, the Truveta platform represents the full diversity of our country across age, geography, race, ethnicity, and gender. Truveta aims to help researchers find cures faster, empower every clinician to be an expert, and help families make the most informed decision about their care. Truveta’s platform is licensed for ethical medical research, not for targeting advertising to patients or physicians. Truveta is a tax paying entity. To learn more, please follow us on LinkedIn and visit

About Truveta’s Members

Truveta’s members provide more than 16% of U.S. patient care from tens of thousands of clinical care sites across 42 states and provide ongoing governance to Truveta. Truveta membership includes Providence, Advocate Aurora Health, Trinity Health, Tenet Healthcare, Northwell Health, AdventHealthBaptist Health of Northeast Florida, Baylor Scott & White Health, Bon Secours Mercy Health, CommonSpirit HealthHawaii Pacific HealthHenry Ford Health System, MedStar Health, Memorial Hermann Health System, Novant Health, Ochsner Health, Saint Luke’s Health System, Sentara Healthcare, Texas Health Resources and UnityPoint Health.