How Monachus helped Twin Health achieve SOC2 Type 2 Compliance



Client Background

Twin Health’s Whole Body Digital Twin™ platform uses real-time data from wearables to create personalized plans that address chronic metabolic conditions like type 2 diabetes. Their solution helps individuals achieve sustainable health improvements, such as weight loss and reduced medication dependence, while lowering healthcare costs for employers and health plans. Monachus partnered with Twin Health’s CISO, Tom Calandrino, and the Twin security and engineering teams to streamline evidence collection and SOC2 readiness. Our close collaboration enabled Twin Health to achieve their first SOC2 attestation without any exceptions.


The Challenge

As Twin Health made the strategic decision to pursue SOC2 Type 2 attestation to strengthen trust and maintain high standards in security and compliance, they sought additional support to manage the compliance operations. With a SOC2 Type 2 audit approaching, Monachus stepped in to streamline the process, providing expert support throughout the compliance journey. This allowed Twin Health to focus on business as usual while Monachus ensured a smooth and efficient path to a SOC2 Type 2 attestation.

"The Monachus team added tremendous value to Twin Health through partnering with our internal teams to facilitate audits and audit planning activities"
Tom Calandrino, CISO

The Solution

Monachus provided fractional GRC support throughout each stage of Twin Health’s SOC2 compliance process:


Pre-Audit Support

Documentation Preparation: Aligned policies, procedures, and controls with SOC2 requirements.

Internal Assessments: Conducted thorough reviews to address compliance gaps.

Audit Readiness Checks: Ensured all documentation was complete and accurate.

Organized Evidence Tracking: Built a comprehensive knowledge base to track evidence and controls, allowing for quick review and collaboration across teams.

Risk Management: Identified and mitigated risks during the pre-audit phase to ensure audit readiness.

Issue Mitigation: Proactively addressed potential issues before the audit.

Project Management: Set up automated boards, adding workflows and automations to streamline task management and compliance tracking.

Regular Meetings: Ensured ongoing communication for clarity and progress.

Reporting and Feedback: Provided detailed reports and actionable feedback, offering insights into areas of improvement.

Audit Support

Guided Evidence Submission: Collaborated closely with teams, offering guidance on submitting evidence correctly to meet auditor expectations.

Timely Follow-Ups: Ensured all follow-ups and requests from auditors were addressed promptly and accurately. 

Effective Communication: Maintained consistent communication with internal teams and auditors, ensuring transparency and alignment throughout the audit process.

Issue Resolution: Quickly resolved any concerns raised during the audit, minimizing potential disruptions.

Audit Progress Tracking: Monitored the audit’s progress, ensuring all timelines and deliverables were met, and updated progress on a weekly basis.

Post-Audit Support

Automated Systems: Enhanced project management boards with automations to help Twin Health’s team independently manage their compliance program moving forward.

Ongoing Compliance Management: Provided continued support to maintain audit readiness and program management for future audits.

Program Updates: Updated all compliance-related systems, documentation, and tracking tools to reflect the latest audit findings, ensuring remediation of potential issues for future audits.

The Result

Twin Health successfully passed their SOC 2 Type 2 audit with zero exceptions, reaffirming their commitment to high-security standards. Thanks to Monachus' fractional support, the audit preparation was seamless, with all evidence meticulously organized and submitted efficiently.


Audit Preparation

Monachus ensured that Twin Health was fully prepared, with all documentation automated and tracking tools in place, leading to a smooth process.

Audit

Evidence was submitted promptly, resulting in a quick, successful audit. All auditor requests were managed efficiently.

Post-Audit

Monachus updated systems, enabling Twin Health to independently manage compliance and remain audit-ready for future assessments. We continue to oversee the program, ensuring ongoing compliance management and support.

Conclusion

Monachus’ tailored approach provided Twin Health with the fractional support needed to successfully navigate the complexities of SOC2 Type 2 compliance. By seamlessly integrating into Twin’s operations, Monachus ensured that the entire process—from preparation to audit and post-audit—was managed efficiently. The outcome strengthened Twin Health’s reputation for security and compliance, enabling them to focus on their core mission while confidently maintaining their compliance posture for future audits. Monachus continues to support Twin Health as they grow and evolve.