Compliance, Accreditation, and Certification

Owned by Ben Derr
Last updated: Feb 06, 2024
2 min read
21972-312_SOC_NonCPA.png
SOC 2 Type 2

Tidepool received our SOC 2 Type II clearance from Prescient Assurance Feb 1, 2024 , and will be undergoing audit for a yearly SOC 2 Type II going forward. A gap letter will be available to provide assurance that controls and systems continue to be audited and verified.

Access to Tidepool’s SOC 2 reports, Penetration Test, or other sensitive documentation under NDA is available in our Conveyor Trust Portal.

 

Tidepool validates our sub-processors and service providers are compliant during an initial Service/Software Integration Review prior to implementation and annually as part of our Risk Management and Vendor Management programs.

We last performed an annual review Jul 1, 2023

All vendors are reviewed by Tidepool Security for:

  • Security Compliance Certification

  • Data Residency (must reside in US)

  • Terms of Use and Privacy Policy

  • Authentication and Authorization

  • Integration points with any Tidepool infrastructure

  • Network and Application Security controls

  • Logging and Auditing Controls

Tidepool employs Infrastructure and service providers in the form of Infrastructure as a Service (IaaS) and Database as a Service (DBaaS) using Amazon Web Services and MongoDB Atlas as our main providers for our application, https://app.tidepool.org .

Amazon Web Services (AWS)

We annually validate that AWS is certified and accredited

  • ISO 9001

  • SOC 1, 2, and 3

  • DoD SRG

  • DoD Data Processing

  • FISMA

  • ISO 27001

  • ISO 27017

  • FERPA

  • VPAT / Section 508 Accessibility Standards

MongoDB Atlas

  • SOC 1, 2, and 3

  • ISO 27001

  • GDPR

  • EN-US Privacy Shield

  • HIPAA

  • PCI-DSS

 

Search this space

 

The content of the Tidepool Technical Documentation is licensed under a Creative Commons CC0 1.0 Universal (CC0 1.0) Public Domain Dedication.