Our commitment to security and privacy has always been a fundamental part of our service. Since the inception of our company, we have dedicated ourselves to building a platform that prioritizes trust in every aspect, from design to coding to company culture. Today, we are thrilled to announce that Trustworthy has achieved SOC 2, Type 2, and SOC 3 compliance, setting a new standard for safeguarding family information and privacy. 

The attainment of SOC 2, Type 2, and SOC 3 compliance provides our members with an elevated level of confidence in the protection, organization, and optimization of their vital family information. Trustworthy not only stands as the leading platform for family information management but also as the most secure. We continuously prioritize transparency in all matters related to privacy and security, and we invite you to explore our Security page to learn more about our practices and protocols.

Today, we’re delighted to announce that Trustworthy has achieved Service Organization Control 2, Type 2 (SOC 2, Type 2) & Service Organization Control 3 (SOC 3) compliance, raising the bar for keeping member information private and protected. It’s a huge undertaking to reach this goal and we’re extremely proud to have achieved this certification. It’s a meaningful milestone in our journey of continuous improvement and iteration in building a service that every family trusts to manage their most important information and related critical tasks.

More importantly for members, this provides an increased level of confidence in our ability to organize, protect and optimize their essential information. For the majority of families, adopting Trustworthy is significant step up in improving family information security and privacy. 

We continually strive to maintain transparency in all privacy and security matters. We invite you to read more about our security practices and protocols on our Security page.

What is SOC 2 compliance?

SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, privacy.

A SOC 2 report is tailored to the unique needs of each organization. Depending on its specific business practices, each organization can design controls that follow one or more principles of trust. These internal reports provide organizations and their regulators, business partners, and suppliers, with important information about how the organization manages its data. There are two types of SOC 2 reports:

• Type I describes the organization’s change to security processes and whether the policies, procedures, and controls comply with the relevant trust principles.

• Type II details the operational efficiency of these controls.

Why is SOC 2, Type 2 Compliance Important?

Compliance with SOC 2 requirements indicates that an organization maintains a high level of information security. Strict compliance requirements (tested through independent audits) help ensure sensitive information is handled responsibly. Unlike SOC 2, Type 1, which assesses the design of controls at a specific point in time, Type 2 goes further by examining the operating effectiveness of those controls over a minimum of six months. This extended evaluation period is valuable because it allows organizations to demonstrate the consistency and durability of their control environment.

What is SOC 3 compliance?

Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). SOC 3 is designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2 Report.

Why is SOC 3 Compliance Important?

SOC 3 reports are valuable for service organizations as they demonstrate their commitment to maintaining a high level of security and reliability for their clients. SOC 3 helps foster trust, enhance business relationships, and ensure that sensitive data is adequately protected, making it a vital component of today's information security landscape.

What does SOC 2, Type 2 and SOC 3 compliance mean for Trustworthy?

For Trustworthy these certifications mean an enhanced set of security and privacy practices have been adopted along with an ongoing commitment to regular audits. These audits ensure the requirements of each of the five trust principles are met and that we remain compliant over time. 

Who did the Trustworthy compliance audit?

Trustworthy worked with Armanino to conduct the audit and certification. Armanino is one of the top 25 accounting and consulting firms in the nation and delivers a depth of knowledge, a range of services, and a consistent and responsive team. They are a member of the American Institute of Certified Public Accountants (AICPA), an affiliate firm in the California Society of Certified Public Accountants (CalCPA), a member of the Center for Audit Quality, and are licensed by the California Board of Accountancy.