Truveta has completed its Type 2 SOC 2 examination and continue to maintain ISO 27001 certifications, demonstrating the company’s relentless commitment to security, privacy, and trust.
BELLEVUE, Wash.– October 11, 2023 – Truveta today announced it has completed a Type 2 System and Organization Controls (SOC) 2 examination, which underscores Truveta’s commitments to security and trust. Type 2 SOC 2 is a rigorous and comprehensive compliance standard developed and governed by the American Institute of CPAs (AICPA).
The SOC 2 security category specifies how software is protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems. The Type 2 SOC 2 attestation involves an in-depth, longitudinal study of how well an organization’s security program functions over an extended period, examining how well an organization’s security program consistently meets its objectives. The examination was performed by an assessor, Schellman & Company, LLC.
“Truveta’s mission is saving lives with data. Trust is at the very foundation of that mission, as no data is more personal than healthcare data,” said Oscar Papel, chief information security officer and vice president of engineering, Truveta. “To earn and maintain that trust, we have invested deeply in the most advanced security and privacy standards to manage and protect de-identified patient data in Truveta. We are proud of these achievements as evidence of our relentless commitment to security and privacy.”
Truveta also maintains an ISO 27001 certification, with the ISO 27701 and ISO 27018 extensions. Truveta renews these certifications annually through assessments performed by Schellman Compliance, LLC. The ISO 27001 and ISO 27018 are the standards for information technology security management systems and protection of personally identifiable information in public clouds, respectively. The ISO 27018 certificate compliments the former. The ISO 27701 certificate speaks to the company’s privacy controls and is also an extension of ISO 27001.
Completing the Type 2 SOC 2 examination – in addition to maintaining the existing ISO certifications – serves as external validation that Truveta’s controls, protocols and processes align with rigorous standards for both security and privacy.
Truveta is a growing collective of health systems that provide more than 18% of all daily clinical care in the US. Truveta is trusted by more than 40 leading healthcare and life science customers to study safety and effectiveness, improve patient care, and train medical AI. Across these leading organizations, Truveta connects data, people, and ideas to pursue a shared mission of saving lives with data.
Truveta membership includes Providence, Advocate Health, Trinity Health, Tenet Healthcare, Northwell Health, AdventHealth, Baptist Health of Northeast Florida, Baylor Scott & White Health, Bon Secours Mercy Health, CommonSpirit Health, Hawaii Pacific Health, HealthPartners, Henry Ford Health System, HonorHealth, Inova, Lehigh Valley Health Network, MedStar Health, Memorial Hermann Health System, MetroHealth, Novant Health, Ochsner Health, Premier Health, Saint Luke’s Health System, Sanford Health, Sentara Healthcare, Texas Health Resources, TriHealth, UnityPoint Health, Virtua Health, and WellSpan Health.