Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Tidepool employs Infrastructure and service providers in the form of Infrastructure as a Service (IaaS) and Database as a Service (DBaaS) using Amazon Web Services and MongoDB Atlas as our main providers for our application, https://app.tidepool.org .

Live Search
spaceKey@self
additionalpage excerpt
placeholderSearch this space

21972-312_SOC_NonCPA.pngImage Modified

Tidepool received our SOC 2 Type II clearance from Prescient Assurance will be undergoing audit for a yearly SOC 2 Type II going forward. A gap letter will be available to provide assurance that controls and systems continue to be audited and verified.

Panel
panelIconIdatlassian-info
panelIcon:info:
bgColor#B3D4FF

Access to Tidepool’s SOC 2 reports, Penetration Test, or other sensitive documentation under NDA is available via in our Conveyor Trust Portal profile.

Tidepool is regularly asked to provide compliance certification for all of our providers. In many circumstances, providers have indicated that without a Non Disclosure Agreement (NDA), these documents may not be provided by us directly to assessors who are not customers of the service.To assist IT Organizations in assessing compliance risk for Tidepool’s use of these service providers, we recommend personal verification that AWS and MongoDB Atlas are compliant if required.

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#F4F5F7

Tidepool validates our sub-processors and service providers are compliant during an initial Service/Software Integration Review prior to implementation and annually as part of our Risk Management and Vendor Management programs.

We last performed an annual review

All vendors are reviewed by Tidepool Security for:

  • Security Compliance Certification

  • Data Residency (must reside in US)

  • Terms of Use and Privacy Policy

  • Authentication and Authorization

  • Integration points with any Tidepool infrastructure

  • Network and Application Security controls

  • Logging and Auditing Controls

Amazon Web Services (AWS)

We annually validate that AWS is certified and accredited

  • ISO 9001

  • SOC 1, 2, and 3

  • DoD SRG

  • DoD Data Processing

  • FISMA

  • ISO 27001

  • ISO 27017

  • FERPA

  • VPAT / Section 508 Accessibility Standards

Tip

AWS does not provide copies of their audit reports for dispersal without an NDA, but you can verify these on their web site:
https://aws.amazon.com/compliance/programs/

MongoDB Atlas

  • SOC 1, 2, and 3

  • ISO 27001

  • GDPR

  • EN-US Privacy Shield

  • HIPAA

  • PCI-DSS

Tip

MongoDB Atlas does not provide copies of their audit reports for dispersal without an NDA, but you can verify these on their web site:
https://webassets.mongodb.com/_com_assets/collateral/Atlas_Security_Controls.pdf

Page Tree