Phase Zero Successfully Completes SOC 2 and HIPAA Certification


Ngoc Le


March 21, 2023

Phase Zero is committed to protecting the security and privacy of our customers. It’s why we’re committed to ensuring that all our controls, policies, and procedures meet the highest standards.

We’re pleased to announce that we have successfully completed another key milestone on our information security roadmap by achieving compliance with HIPAA and SOC 2 Type 1 - widely regarded as a gold standard for information security.

Achieving compliance with HIPAA and SOC 2 Type 1 means that a third-party audit has been conducted on our information security controls, and we’ve passed with flying colors.

What are SOC 2 and HIPAA, and what does it mean for Phase Zero customers?

System and Organization Controls (SOC 2) is a security audit and attestation developed by the American Institute of Certified Public Accountants (AICPA) for Software-as-a-Service (SaaS) companies that process customer data. 

HIPAA is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Obtaining our SOC 2 Type 1 and HIPAA certification is an important milestone to demonstrate the security, availability, and integrity of Phase Zero's platform. This rigorous, independent assessment of our compliance serves as validation of our dedication and adherence to the highest standards to protect your sensitive patient health information. We view compliance monitoring as the foundation upon which our products are built and upon which trust with our customers is earned and maintained.

SOC 2 Report

We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers' data.

Developed by the Assurance Services Executive Committee (ASEC) of the AICPA, the Trust Services Criteria is the set of control criteria to be used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity.

Phase Zero was audited by Prescient Assurance, a leader in security and compliance attestation for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provides risk management and assurance services which include but is not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR. For more information about Prescient Assurance, you may reach out to them at

Continuous Security Control Monitoring

Phase Zero uses Drata’s automation platform to continuously monitor 100+ security controls across the organization. Automated alerts and evidence collection allow Phase Zero to confidently prove its security and compliance posture any day of the year while fostering a security-first mindset and culture of compliance across the organization.

Get up and running in minutes

That's correct - in minutes! Phase Zero makes it really easy to create a patient database and automate your workflows. Our customers like to call us a "HIPAA Compliant Airtable"