SOC 2 and HIPAA
SOC 2 and HIPAA statuses, BAA, and who to contact for compliance reviews.
What's Astell's SOC 2 Type II status?
Astell's SOC 2 Type II audit is in progress, with the report expected in Q4 2026. SOC 2 is an independent attestation: a licensed CPA firm examines how a service provider manages data security, availability, and confidentiality and issues a formal report. (SOC 2 is technically an attestation rather than a "certification"; there is no certifying body.) To schedule a security review call, contact founders@labtwofour.com.
What's Astell's HIPAA status?
Astell's HIPAA compliance program is in progress, with full support expected in Q4 2026. HIPAA establishes standards for protecting sensitive patient health information; there is no official government-issued HIPAA certification. Compliance is demonstrated through safeguards, risk assessments, and Business Associate Agreements. Astell can already accommodate HIPAA-related requirements on enterprise plans today.
How do HIPAA Business Associate Agreements (BAAs) work?
HIPAA Business Associate Agreements (BAAs) are available by request for enterprise customers. For HIPAA requirements and BAAs, email legal@labtwofour.com.
Can I use Astell for HIPAA-covered data right now?
You can use Astell for HIPAA-covered data only if you're on an enterprise plan and have a signed HIPAA BAA in place. To get started, email founders@labtwofour.com.
Does Astell follow other security standards (OWASP ASVS, CASA)?
Astell's application security program follows the OWASP Application Security Verification Standard (ASVS), the industry baseline for application security controls, and the product is tested against it. Astell is also pursuing CASA (Cloud Application Security Assessment) Tier 3, the independent, lab-verified tier of the App Defense Alliance framework (which is itself built on OWASP ASVS); that assessment is in progress. Enterprise customers can request the current status or supporting documentation at legal@labtwofour.com.