From the moment we started our company, we knew that security and privacy would be foundational to the Trustworthy service. It’s a foundation we’ve committed ourselves to and it’s part of every decision we make, from design to coding to culture. 

Today, we’re delighted to announce that Trustworthy has achieved Service Organization Control 2 (SOC2) & Health Insurance Portability and Accountability Act (HIPAA) compliance, raising the bar for keeping member information private and protected. It’s a huge undertaking to reach this goal and we’re extremely proud to have achieved this certification. It’s a meaningful milestone in our journey of continuous improvement and iteration in building a service that every family trusts.

More importantly for members, this provides an increased level of confidence in our ability to protect, organize and optimize their important family information. Trustworthy is now not only the leading platform for family information management, it’s also the most secure. 

We continually strive to maintain transparency in all privacy and security matters. We invite you to read more about our security practices and protocols on our Security page.

What is SOC2 compliance?

SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, privacy.

A SOC 2 report is tailored to the unique needs of each organization. Depending on its specific business practices, each organization can design controls that follow one or more principles of trust. These internal reports provide organizations and their regulators, business partners, and suppliers, with important information about how the organization manages its data. There are two types of SOC 2 reports:

• Type I describes the organization’s change to security processes and whether the policies, procedures, and controls comply with the relevant trust principles.

• Type II details the operational efficiency of these controls.

Why is SOC2 Compliance Important?

Compliance with SOC 2 requirements indicates that an organization maintains a high level of information security. Strict compliance requirements (tested through independent audits) help ensure sensitive information is handled responsibly.

What is HIPAA compliance?

Through a series of interlocking regulatory rules, HIPAA compliance is a living culture that organizations must implement into their business in order to protect the privacy, security, and integrity of protected health information (PHI).

Why is HIPAA important?

HIPAA is important because it ensures healthcare providers, health plans, healthcare clearinghouses, and business associates of HIPAA-covered entities must implement multiple safeguards to protect sensitive personal and health information.

What does SOC2 and HIPAA compliance mean for Trustworthy?

For Trustworthy these certifications mean an enhanced set of security and privacy practices have been adopted along with an ongoing commitment to regular audits. These audits ensure the requirements of each of the five trust principles are met and that we remain compliant over time. 

Who did the Trustworthy compliance audit?

Trustworthy worked with Armanino to conduct the audit and certification. Armanino is one of the top 25 accounting and consulting firms in the nation and delivers a depth of knowledge, a range of services, and a consistent and responsive team. They are a member of the American Institute of Certified Public Accountants (AICPA), an affiliate firm in the California Society of Certified Public Accountants (CalCPA), a member of the Center for Audit Quality, and are licensed by the California Board of Accountancy.