Tidepool received our SOC 2 Type II clearance from Prescient Assurance will be undergoing audit for a yearly SOC 2 Type II going forward. A gap letter will be available to provide assurance that controls and systems continue to be audited and verified.
Access to Tidepool’s SOC 2 reports, Penetration Test, or other sensitive documentation under NDA is available in our Conveyor Trust Portal profile.
Tidepool is regularly asked to provide compliance certification for all of our providers. In many circumstances, providers have indicated that without a Non Disclosure Agreement (NDA), these documents may not be provided by us directly to assessors who are not customers of the service.
Tidepool validates our sub-processors and service providers are compliant during an initial Service/Software Integration Review prior to implementation and annually as part of our Risk Management and Vendor Management programs.
We last performed an annual review
All vendors are reviewed by Tidepool Security for:
Security Compliance CertificationData Residency (must reside in US)Terms of Use and Privacy PolicyAuthentication and AuthorizationIntegration points with any Tidepool infrastructureNetwork and Application Security controlsLogging and Auditing Controls
Amazon Web Services (AWS)
We annually validate that AWS is certified and accredited
ISO 9001SOC 1, 2, and 3DoD SRGDoD Data ProcessingFISMAISO 27001ISO 27017FERPAVPAT / Section 508 Accessibility Standards
AWS does not provide copies of their audit reports for dispersal without an NDA, but you can verify these on their web site:
https://aws.amazon.com/compliance/programs/
MongoDB Atlas
SOC 1, 2, and 3ISO 27001GDPREN-US Privacy ShieldHIPAAPCI-DSS
MongoDB Atlas does not provide copies of their audit reports for dispersal without an NDA, but you can verify these on their web site:
https://webassets.mongodb.com/_com_assets/collateral/Atlas_Security_Controls.pdf