Smile Digital Health Completes SOC 2® Type 2 Examination

Smile levels up their certification to continue to provide the highest security and compliance standards. 


TORONTO, CANADA -- May 25, 2023  – Smile Digital Health (Smile), a leading FHIR® health data fabric and exchange solutions provider, announced on May 15, 2023 that it has successfully completed the System and Organization Controls (SOC) 2® Type 2 attestation. This is the next step in certification from last year’s completion of the SOC 2 Type 1.

Security is an integral part of Smile’s Health Data Fabric platform, solutions and services. The SOC 2 Type 2 is one component of an ongoing certification plan that aligns to the highest security standards ensuring that Smile is always safeguarding their clients’ data and providing the safest methods of storing, processing and exchanging sensitive information.

Developed by the American Institute of Certified Public Accounts (AICPA), SOC 2 is a security framework that specifies how organizations should protect client data from unauthorized access, security incidents and other vulnerabilities. The SOC 2 focuses on internal controls related to security, availability, confidentiality, processing integrity and privacy.

The SOC 2 Type 2 attestation report assesses the operating effectiveness of internal controls over an extended period of time. Gaining this next level of certification continues to solidify Smile as a leader when it comes to data security and privacy, which is key to its clients and prospective customers when working with the type of personal data they need to analyze and share regularly.

“Obtaining the SOC 2 Type 2 attestation has been a key goal of this company as set in our Privacy and Security roadmap, which is built upon our Type 1 certification we obtained last year. Our clients and partners now have additional evidence of how we operate our services and ensure the protection of data as per our own stringent policies,” said Luis de Barros, Chief Privacy and Security Officer, Smile Digital Health.

The SOC 2 audits a wide range of tasks. Some of these include vulnerability scanning and management, testing of recovery plan procedures and monitoring various aspects of the retention period of data. This high-level summary barely touches on the areas available to audit and in turn showcases the extensive nature of the SOC 2.

“The maturity and commitment of both our information security and compliance programs are evident with reaching the Type 2 attestation. The knowledge and diligence of our staff have accelerated our success in our certifications and further demonstrates their commitment to ensuring the highest level of safe data management,” said Rhea Kolanko, Chief of Staff & VP Business Operations, Smile Digital Health.


Read the full press release here.