Founda Health Achieves SOC 2 Type II and C5 Attestation, Strengthening a Proven Track Record in Healthcare Security

We have achieved key European and international security attestations, including SOC 2 Type II and the German C5 Type II, reinforcing its commitment to data protection in healthcare.June 13, 2025

At Founda Health, protecting healthcare data is more than a responsibility - it's a foundational principle that guides everything we do. In March 2025, we successfully completed an intensive 10-day audit conducted by external cybersecurity experts, marking a key milestone in our ongoing commitment to world-class data protection and regulatory compliance.


While we have long held certifications that reflect our high security standards, this audit brought significant additions - most notably, the SOC 2 Type II attestation and our first-ever Type II report under the German C5 framework, underscoring our evolution as a trusted infrastructure partner in digital healthcare.
Audit Outcomes: Building on a Strong Security Foundation


We are pleased to share the following outcomes of the March 2025 assessment:

✅ ISO 27001 Certification
This internationally recognized standard confirms that our information security management system (ISMS) is well-managed and aligned with global best practices.
We are also fully compliant with ISO 27017 and ISO 27018, with formal certification received.

🆕 SOC 2 Type II Attestation
This attestation verifies the ongoing operational effectiveness of our security controls over time. It reflects our alignment with key trust service principles - security, availability, and confidentiality - which are essential for our clients and partners handling sensitive healthcare information.

🆕 C5 Type II Report (First-Time Achievement)
Developed by the German Federal Office for Information Security (BSI), C5 is a leading cloud security standard across Europe. This is our first C5 Type II report, reinforcing Founda Health’s adherence to strict, European-specific cloud infrastructure requirements.

✅ NEN 7510 Certification
As always, we meet the Dutch national standard for information security in healthcare. The renewal of our certification through DNV is now complete.

Founda (8)

Trusted by Industry-Leading Auditors

We are proud to have collaborated with A-LIGN, an internationally respected cybersecurity and compliance firm, to complete the SOC 2 and C5 audits.
“Congratulations to Founda Health for earning their SOC 2 attestation, which is a widely recognized signal of trust and security,” said Steve Simmons, COO of A-LIGN.
“It’s great to work with organizations like Founda Health who understand the value of expertise in driving an efficient audit and the importance of a high-quality final report.”

A Continued Commitment to Trust, Transparency, and Security

These certifications are more than checkboxes - they serve as proof of our dedication to securing health data and supporting compliant, interoperable care delivery across systems and borders.

For Hospitals, Health Information Exchanges (HIEs), Digital Health Innovators, and other healthcare partners, our certifications reaffirm one thing: Founda Health is a platform you can trust.

Security is never finished. We remain committed to regular audits, continuous improvement, and transparent communication - because protecting healthcare data is not just what we do, it’s who we are.