Lightning Step and Sunwave today announced that both organizations have successfully achieved SOC 2 Type II attestation across all five Trust Services Criteria - Security, Availability, Confidentiality, Processing Integrity, and Privacy. This is a significant milestone as a full - scope attestation that reinforces their commitment to the highest standards of data security, privacy, and operational integrity within the healthcare technology sector.

This independent attestation confirms that Lightning Step and Sunwave have implemented robust controls aligned with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). Unlike a point-in-time assessment, SOC 2 Type II evaluates the design and operating effectiveness of security controls over an extended period, providing objective, third-party validation of sustained compliance.

What SOC 2 Type II Means for Healthcare Organizations

SOC 2 is a leading security framework for technology companies that manage sensitive data. Achieving Type II attestation demonstrates that Lightning Step and Sunwave not only maintain comprehensive security policies, but consistently apply and monitor them across systems, teams, and workflows.

Unlike many vendors who certify against only one or two criteria, Lightning Step and Sunwave SOC 2 Type II attestation for its Health Platform Suite covers all five Trust Services Criteria established by the AICPA - providing healthcare organizations with complete assurance across every dimension of trust:

Security - Your data is protected against unauthorized access, both physical and digital

Availability - Systems remain up and accessible when you need them

Confidentiality - Sensitive business and patient information stays protected from unauthorized disclosure

Processing Integrity - Data is processed accurately, completely, and on time

Privacy - Personal information is handled responsibly throughout its lifecycle

What This Means for Your Organization

With full-scope SOC 2 Type II attestation, healthcare providers and behavioral health organizations can expect:

Protection of sensitive clinical, operational, and financial data

Continuous monitoring and enforcement of security controls

Operational resilience and system availability

Alignment with enterprise and regulatory expectations

SOC 2 Type II is widely regarded as the gold standard for trust and transparency in highly regulated environments.

Security by Design, Proven in Practice

“Achieving SOC 2 Type II attestation is a reflection of how we design and operate our technology from the ground up,” said Dr. Martin Ignatovski, Ph.D., Chief Technology Officer of Lightning Step. “Security, reliability, and data integrity are foundational principles. This attestation validates the rigor of our engineering practices and our commitment to protecting sensitive healthcare data at scale.”

A Clear Differentiator in the Healthcare Technology Market

In an increasingly complex healthcare technology landscape, many vendors rely on internal assessments or limited security claims. SOC 2 Type II attestation clearly differentiates Lightning Step and Sunwave by providing independent, third-party verification that security controls are not only well-designed, but consistently enforced over time.

“SOC 2 Type II demonstrates that our security controls are not only well-designed, but consistently enforced over time,” said Brent Michael, CEO of Lightning Step and Sunwave. “For healthcare organizations, trust is built on proof. This independent attestation provides clear validation that our security and compliance programs meet the highest standards expected in regulated environments.”

Supporting Enterprise-Grade Healthcare Innovation

By achieving SOC 2 Type II attestation, Lightning Step and Sunwave strengthen their ability to support healthcare providers, behavioral health organizations, and enterprise partners with stringent compliance requirements. The attestation helps reduce vendor risk, streamline procurement and security reviews, and enable faster, more confident adoption of technology.

This milestone reflects a broader, ongoing investment in security, compliance, and operational excellence, ensuring that customers can innovate while maintaining confidence in the safety and integrity of their data.

About Lightning Step and Sunwave

Lightning Step and Sunwave are healthcare technology companies united by a shared mission: Elevating care, together, to support behavioral health and addiction treatment providers with secure, reliable, and clinician-centered solutions. Founded by former treatment center owners, operators, and clinicians, the combined organization delivers purpose-built CRM, EMR, and RCM platforms designed to streamline clinical and operational workflows across the full continuum of care. Together, Lightning Step and Sunwave are advancing a unified roadmap focused on security, usability, and innovation, while ensuring continuity for existing customers with no forced migrations, no service disruptions, and unchanged commitments to data privacy, ownership, and compliance.

www.lightningstep.com/

www.sunwavehealth.com/

Flavia Stasino

flavia@lightningstep.com