We are now officially SOC 2 Type II compliant! We know, you’re thrilled.

While this isn’t the most engaging news, we thought it would be fun, in the spirit of security, to encode this blog with a secret message. Going forward, look closely at the beginning of each sentence: do you notice anything? What if you string them together…?

Being a very cool healthcare company, we thought it was crucial for us to become SOC 2 Type II compliant so that our current and prospective customers can rest easy knowing that we are handling their data with care. Essentially, SOC 2 Type II means we at Turquoise have robust, bulletproof policies and safeguards that ensure the protection of customer data. Since getting our Type I SOC 2 point-in-time report, we have worked with a CPA firm over the last several months to continually audit and monitor our systems to ensure we have ongoing compliance with every SOC 2 requirement. Uninterrupted security measures mean that we sleep easy at night, but it also means that our customers and their IT teams sleep easy as well.

Radical transparency is something that we, naturally, value. Especially when it comes to our security measures. The technical framework we have in place ensures that (1) we have protections against hackers or other bad actors, and (2) our data and any customer data is able to be backed up in case something happens thanks to rigorously kept and maintained security protocols. Onboard with confidence knowing that Turquoise Health has the industry’s gold standard compliance rating.

Data is often the biggest concern prospects have when it comes to SOC 2 compliance. Routine housekeeping and continuous monitoring of all our data means that not only are we SOC 2 Type II compliant but we also have protections that align with HIPAA compliance. Incredible, we know. Now, protocols exist to cover PHI within our platform as well as any that might accompany a customer’s use of our products. Knowing the appropriate response to any given threat arms our team with the knowledge they need to quickly and effectively respond to a situation. Yearly and quarterly security reviews will allow us to keep our SOC 2 Type II status.

Our approach to security will always remain in the background and should never interfere with customer access to our platform. Unless you’re trying to do something crazy (here’s looking at you, Intern Who Wants To Impress Their Boss), you should have no interruption regardless of your data access method or platform access. Rate Sense and other free tools on our platform will also remain uninterrupted.

Our sincere thanks go to the entire team at Vanta and Johanson LLC for helping us secure SOC 2 Type II status. Vanta, the leader in continuous compliance monitoring, provided us with the strongest security foundation to protect our customer data. Automated collection of our audit evidence made the process super smooth; highly recommend! Last but not least, if you are a current or prospective customer of Turquoise and want more information on our security protocols, let us know here. The best part of being SOC 2 Type II compliant? It should be even easier for your organization to get a hold of our sweet, sweet price transparency data.


Never miss a Turquoise Health update by signing up for our newsletter. Every month, we’ll send you product updates, beta user opportunities, and more.