MedStack Achieves SOC 2 Type 2 Certification



MedStack is proud to announce the successful completion of our Service Organization Control (SOC) 2 Type 2 audit, conducted by independent service auditor Kompleye

SOC 2 is the standard of the AICPA that is widely considered the benchmark for trust in the cloud industry. The current report covers the period November 1, 2019 to May 31, 2020 and will be repeated on an annual basis going forward. 

MedStack successfully completed its SOC 2 Type 1 audit in January 2020, then adding to our platform’s already robust security and privacy guarantees. The completion of our Type 2 report demonstrates MedStack’s continued commitment to operate with the highest degree of care and security when it comes to the management of Personal Health Information (PHI), and attests that MedStack’s “service commitments and system requirements were achieved based on the trust services criteria relevant to security, availability, and confidentiality.”

While a SOC 2 Type 1 attestation reports on an organization’s security controls at a specific point in time, SOC 2 Type 2 covers a continuous period of time, making it more comprehensive and difficult to achieve. 

For our customers, these exciting milestones facilitate the ability to leapfrog the enterprise onboarding and sales process. This is because MedStack’s SOC 2 controls are inheritable by our customers, thereby making it easier for those in our community to obtain their own SOC 2 audits — an otherwise lengthy, expensive and distracting process required by many hospital networks and insurance companies in order to do business.

“When we founded MedStack in 2015, we aimed to make it faster and easier to create and deploy digital health apps,” says Simon Woodside, MedStack Co-Founder and CTO. “Five years in we are still dedicated to this mission. We continue to build out a complete platform with compliance guarantees that raise the level for the entire industry.”

If you are an existing MedStack customer and would like to request a copy of our SOC 2 Type 1 or Type 2 report, email us at