Book a demo
Resources

SOC 2 compliance

Approva is pursuing SOC 2 Type II certification. Our controls are designed around the Trust Services Criteria for availability, confidentiality, and processing integrity.

Current status

We are currently in audit. Type II certification is expected in 2026. In the meantime, we can share our security posture and controls documentation under NDA — contact hello@approva.health.

Controls in scope

Our SOC 2 program covers availability (uptime SLAs, incident response), confidentiality (PHI access controls, encryption), and processing integrity (change management, data validation). Logical access, vendor management, and risk assessment policies are fully documented.

Supporting compliance

SOC 2 controls complement our HIPAA program. For a full overview of our security posture, including encryption standards and audit logging, see the security and compliance page.

Book a demohello@approva.health