February 19, 2025

SOC 2 Type II: Why It Matters to EVYD, and More Importantly, to You.

Every patient story, every research breakthrough, every data point in healthcare carries immense weight to improving patient outcomes. At EVYD, we protect them with diligence.

A year ago, we set out on a mission to elevate the security of our healthcare data platform, evydence. Today, we are proud to announce that our evydence platform has successfully achieved SOC 2 Type II attestation.

Our journey began with a simple yet profound question: How can we ensure that every piece of data entrusted to us remains secure? We collaborated with industry experts, scrutinized our processes, and implemented rigorous security measures. Each step, though demanding, was a stride towards reinforcing the trust our clients and partners have placed in us. This milestone is our promise that our clients and partners’ data is safeguarded with the highest level of data security and compliance.

What is SOC 2 Type II?

SOC 2 (System and Organization Controls 2) is a widely recognized auditing standard developed by the American Institute of CPAs (AICPA). A Type II report evaluates the design and operating effectiveness of an organization’s controls over a specified period. Achieving this attestation signifies that EVYD has implemented and maintained robust security measures to protect sensitive data.

Our SOC 2 Type II attestation encompasses all five Trust Services Criteria (TSC), each reflecting a core aspect of our platform’s integrity.

  • Security – We implement robust safeguards, including encryption, multi-factor authentication (MFA), and strict access controls, to protect healthcare data from unauthorized access and breaches.
  • Availability – Our platform is designed for high reliability and uptime, ensuring 24/7 access to critical healthcare data for timely decision-making.
  • Processing Integrity – We maintain accurate, timely, and consistent data processing, ensuring healthcare insights are reliable and trustworthy.
  • Confidentiality – We enforce stringent data access policies and encryption protocols to prevent unauthorized disclosure of sensitive health information.
  • Privacy – Our platform adheres to strict privacy controls and regulatory standards ensuring personal health data is handled with the highest level of care and compliance.

How SOC2 Addresses Key Security Challenges

Our SOC 2 Type 2 attestation reflects our proactive approach to addressing security risks and compliance challenges:

  • Continuous Vulnerability Management: We actively identify and remediate security gaps to protect against emerging threats.
  • Regular Penetration Testing: Independent security experts rigorously test our defenses to ensure ongoing resilience.
  • Ongoing External Audits: Third-party auditors validate our security, availability, and compliance posture.
  • Strengthened Incident Response: We have well-defined processes to detect, respond to, and recover from security incidents efficiently.

What This Means for Our Clients

For our clients, SOC 2 Type 2 attestation translates into tangible benefits that enhance security, compliance, and business confidence:

  • Stronger Data Protection: Industry-leading security measures safeguard sensitive healthcare data from breaches and unauthorized access.
  • Regulatory & Contractual Compliance: SOC 2 compliance helps clients meet their own security and privacy obligations, simplifying vendor risk assessments.
  • Operational Reliability: Our platform is built for high availability and resilience, ensuring uninterrupted access to critical healthcare data.
  • Risk Reduction & Trust: Independent validation of our security controls reassures clients that we proactively manage and mitigate risks.
  • Competitive Advantage: Partnering with a SOC 2-compliant organization minimizes risk exposure and enhances trust in data-driven healthcare solutions.

Security Enhancements Implemented as Part of SOC 2 Compliance

As part of our commitment to continuous improvement, we have introduced the following security enhancements:

  • Enhanced access controls: Strengthened policies to enforce the principle of least privilege access.
  • Continuous security monitoring: Implemented automated alerts for real-time risk detection and response.
  • Vendor risk management improvements: Updated third-party security review processes to ensure compliance across our supply chain.
  • More rigorous incident response planning: Enhanced strategies to reduce detection and response times for security events.

A Word from Tang Yu, Head of Security

As part of our commitment to continuous improvement, we have introduced the following security enhancements:

Achieving SOC 2 Type 2 attestation is a testament to our relentless commitment to security, trust, and operational excellence. This milestone reaffirms our dedication to protecting sensitive healthcare data with the highest standards. Security is not just a requirement – it’s a fundamental value we uphold every day.

Access the full report here

We partnered with Prescient Security and Vanta to undergo a thorough and independent audit of our evydence platform. Their expertise and guidance were invaluable throughout the process.

For a comprehensive look into our journey and what this attestation means for you, read the full report here.

About EVYD Technology


EVYD Technology is a Southeast Asia-based healthcare technology company with a vision to build a future where everyone can access better health. We leverage our deep expertise in healthcare data processing and AI to enable our partners to gain insights for informed decision making in healthcare and implement personalized health promotion, risk assessment and chronic disease management programmes at scale to improve population health outcomes.

Leave a comment