Sevana Health Completes Its SOC 2 Type 2 Examination
Sevana Health Team
February 23, 2026
We're pleased to share that Sevana Health has completed a SOC 2® Type 2 examination. An independent service auditor evaluated our security controls and verified they operated effectively over an extended observation period.
Why This Matters for Our Customers
Health plans that use our CMS Universe Scrubber trust us with sensitive data: Medicare Beneficiary Identifiers, member enrollment information, claims data, grievance records, and appeal details. That's not something we take lightly.
When we talk to compliance teams evaluating our platform, security is always one of the first questions. And it should be. Before this examination, we could describe our security practices. Now we have an independent service auditor confirming they work as described, consistently, over time.
What SOC 2 Type 2 Actually Means
There's a meaningful difference between Type 1 and Type 2:
SOC 2 Type 1
Evaluates whether security controls are designed appropriately as of a single point in time. Think of it as a snapshot.
SOC 2 Type 2
Evaluates whether security controls are operating effectively over an extended period. It's not enough to have good policies, the service auditor verifies you're actually following them, consistently, day after day.
What the Examination Covered
The examination evaluated our controls against the Security Trust Services Criteria, the foundational category that covers:
Protection Against Unauthorized Access
Controls that prevent unauthorized access to the systems and infrastructure that process, store, and transmit your CMS universe files.
Logical & Physical Access Controls
Role-based access, authentication mechanisms, and physical security measures for our infrastructure.
System Operations & Monitoring
Continuous monitoring, incident detection, and response procedures to identify and address security events.
Change Management & Risk Mitigation
Controlled processes for system changes and ongoing risk assessment to maintain security posture.
What This Means Practically
For compliance teams evaluating our platform:
- •Faster vendor assessments. Your information security team can review our SOC 2 Type 2 report instead of sending lengthy security questionnaires. We're happy to share the full report under NDA.
- •Delegation oversight evidence. If you're using our platform as part of your CMS audit preparation workflow, our SOC 2 report supports your vendor oversight documentation.
- •Ongoing commitment. A SOC 2 Type 2 report isn't a one-time event. We plan to continue annual examinations so our controls evolve with the threat landscape.
View Our Trust Center
We've published our security posture through a public Trust Center where you can review our controls, security practices, and request access to the full SOC 2 report.
Sevana Health Trust Center
Review our security posture and request the full SOC 2 report.
Ready to See the Platform?
If security has been a factor in your evaluation, we hope this makes the conversation easier. We'd love to show you how the CMS Universe Scrubber works.