At Arthur Health, trust is foundational. Our platform supports insurers, employers, and healthcare partners across regulated environments where security, confidentiality, and system reliability are not optional — they are essential.
We’re proud to share that Arthur Health has successfully completed an independent SOC 2 Type 2 audit, achieving an unqualified (clean) opinion across the Security, Confidentiality, and Availability Trust Services Criteria.
This milestone reinforces our commitment to protecting sensitive health and personal information, operating with transparency, and meeting the rigorous expectations of enterprise healthcare organizations.
What SOC 2 Type 2 Means and Why It Matters
SOC 2 is an internationally recognized assurance framework developed by the American Institute of Certified Public Accountants (AICPA). A Type 2 report goes beyond policy review — it evaluates whether controls are designed appropriately and operating effectively over time.
Arthur Health’s SOC 2 Type 2 examination assessed our controls over a defined observation period and confirmed that:
- Our system description is fairly presented
- Controls are suitably designed
- Controls operated effectively throughout the audit period
- No exceptions were identified
- No security incidents occurred during the review period
This assurance is especially important for organizations operating in healthcare, insurance, and public‑sector environments where vendor risk management and third‑party assurance are critical.
What Was in Scope
The audit covered Arthur Health’s core platform and operational environment, including:
- Trust Services Criteria: Security, Confidentiality, and Availability
- Core Platform: CareNexus (built on Microsoft Power Platform and Azure)
- Hosting Environment: Microsoft Azure (Canada East)
- Governance & Operations: Information security policies, risk management, incident response, vendor oversight, and system monitoring
These controls were independently tested and validated with no material exceptions noted.
Built for Regulated Healthcare Environments
Arthur Health was designed from the outset to support coordinated care in highly regulated settings. Our SOC 2 Type 2 achievement demonstrates that our security and compliance posture aligns with the expectations of:
- Insurers (WSIB, auto, disability, employer health, group benefits)
- Healthcare delivery partners and networks
- Employers and enterprise customers handling sensitive health data
This level of assurance supports faster vendor onboarding, smoother security reviews, and greater confidence for our partners.
SOC 2 Is Not a One‑Time Event
For Arthur Health, SOC 2 compliance is not a checkbox. It’s an operating discipline.
Our security and compliance program includes:
- Formal governance and executive oversight
- Documented and regularly reviewed security and privacy policies
- Ongoing risk assessments and vendor evaluations
- Continuous monitoring, incident response preparedness, and audit readiness
SOC 2 status, risks, and system availability are reviewed at the board and executive level, ensuring accountability remains embedded in how we operate every day.
What This Means for Our Customers and Partners
For current and prospective partners, our SOC 2 Type 2 report provides independent confirmation that Arthur Health:
- Protects sensitive health and personal information
- Operates with tested, reliable security controls
- Meets enterprise and regulated‑industry security expectations
- Is audit‑ready and transparent in its governance practices
Our SOC 2 report is available to customers, regulators, and partners under NDA upon request.
Looking Ahead
As Arthur Health continues to expand its CareNexus platform and support new care models, we remain committed to maintaining the highest standards of security, privacy, and operational excellence.
SOC 2 Type 2 compliance is an important milestone and one we intend to uphold as we grow alongside our partners.
Want to Learn More?
If you’re evaluating Arthur Health or require security assurance documentation, please contact our team to request our SOC 2 Type 2 report.
