In between content updates and new features, we’ve been working on our security certification as well. We completed our Type I review in June and will start our Type II review in Nov/Dec of this year.

If you’re not familiar with SOC 2, it is a voluntary compliance standard for service organizations like Self Care Decisions. It was developed by the American Institute of CPAs (AICPA) and it specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. The certification is performed by a third-party assessment firm; in our case, AssurancePoint.

SOC 2 Type I evaluates our security structures, policies and procedures. Basically, it reviews our systems and infrastructure. It makes sure we do penetration and vulnerability testing on a regular basis. The auditors also make sure we have well-thought-out policies and systems in place – and that our employees are all knowledgeable and compliant.

The Type II certification considers our security foundation (created in Type I) and then evaluates how well we follow it on a day-to-day basis. We’ll kick that off in the next few months.

Just wanted you to know that you are safe with Self Care Decisions!