Truveta today announced it has completed a Type 2 System and Organization Controls (SOC) 2 examination, which underscores Truveta’s commitments to security and trust. Type 2 SOC 2 is a rigorous and comprehensive compliance standard developed and governed by the American Institute of CPAs (AICPA).
The SOC 2 security category specifies how software is protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems.
The Type 2 SOC 2 attestation involves an in-depth, longitudinal study of how well an organization’s security program functions over an extended period, examining how well an organization’s security program consistently meets its objectives.
The examination was performed by an assessor, Schellman & Company, LLC.
To earn and maintain that trust, we have invested deeply in the most advanced security and privacy standards to manage and protect de-identified patient data in Truveta. We are proud of these achievements as evidence of our relentless commitment to security and privacy.”
Truveta also maintains an ISO 27001 certification, with the ISO 27701 and ISO 27018 extensions.
Truveta renews these certifications annually through assessments performed by Schellman Compliance, LLC.
The ISO 27001 and ISO 27018 are the standards for information technology security management systems and protection of personally identifiable information in public clouds, respectively. The ISO 27018 certificate compliments the former. The ISO 27701 certificate speaks to the company’s privacy controls and is also an extension of ISO 27001.
Completing the Type 2 SOC 2 examination – in addition to maintaining the existing ISO certifications – serves as external validation that Truveta’s controls, protocols and processes align with rigorous standards for both security and privacy.
For more information about Truveta’s approach to security, read more in the Truveta security whitepaper.