SECURITY STATEMENT
Security-First Architecture and SOC 2 Readiness
Date: 04/26/2026
Executive Summary
MyFamilyPlan is designed with security, privacy, and trust as foundational principles. From the earliest stages of development, the platform has been built using industry-recognized practices aligned with the SOC 2 Trust Services Criteria. MyFamilyPlan has not yet undergone a SOC 2 audit (SOC 2 is an independent attestation report rather than a certification); the organization is intentionally building toward SOC 2 readiness and plans to engage an independent auditor for a formal attestation as the business and customer base grow.
Security Philosophy
MyFamilyPlan follows a security-by-design approach. Controls are implemented early, documented clearly, and designed to scale over time. Security decisions are risk-based and proportionate to the size and complexity of the organization, ensuring strong protection without unnecessary operational friction.
- Least-privilege access for all systems
- Strong identity and authentication controls
- Cloud-native security leveraging managed services
- Defense-in-depth using layered technical and procedural safeguards
- Continuous improvement as the platform matures
Platform Architecture Overview
MyFamilyPlan operates on Amazon Web Services (AWS), leveraging secure, scalable, and highly available cloud infrastructure. Application source code is managed using GitHub, and software deployments follow a controlled and auditable release process. Production systems and sensitive data are hosted exclusively within managed cloud environments.
Identity and Access Management
Access to MyFamilyPlan systems is strictly limited to a small number of authorized administrators. All administrative access is identity-based and protected using strong authentication mechanisms.
- Centralized identity provider for administrative access
- Multi-factor authentication enforced for privileged accounts
- No shared or generic administrative credentials
- Production access restricted to designated administrators only
Infrastructure and Data Protection
The MyFamilyPlan infrastructure is configured to protect the confidentiality, integrity, and availability of data using established cloud security best practices.
- Logical separation between production and non-production environments
- Encryption at rest (AES-256) enabled by default on the AWS services in use that support it
- Encryption in transit using TLS 1.2 or higher
- Restricted network access using firewall rules and security groups
- Audit logging enabled to support monitoring and forensic review
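The three technical bullets above (restricted network access, default encryption at rest, TLS 1.2 or higher) are the kind of controls a SOC 2 readiness effort has to evidence repeatedly. The following is an added example, not MyFamilyPlan's own tooling: a check that evaluates resource descriptions shaped like the output of `aws ec2 describe-security-groups`, `aws s3api get-bucket-encryption` and `aws elbv2 describe-listeners`. The sample resources, group ids, bucket names and listener ids are constructed; the allowed-port set and the TLS policy-name heuristic are assumptions stated in the comments, and no live API calls are made.

```python
"""Posture check for public ingress, default encryption at rest and TLS 1.2+
listeners. Added example, not MyFamilyPlan's tooling; all sample data below
is constructed and nothing here calls AWS."""
from __future__ import annotations

# Assumption: only HTTPS may be reachable from anywhere on the internet.
PUBLIC_ALLOWED_PORTS = {443}
ANY_CIDRS = {"0.0.0.0/0", "::/0"}
# Assumption based on AWS's published ELB policy names: these fragments mark
# policies whose minimum is TLS 1.2; others (e.g. ELBSecurityPolicy-2016-08)
# still negotiate TLS 1.0/1.1.
TLS12_POLICY_MARKERS = ("TLS-1-2", "TLS13-1-2", "FS-1-2")


def check_security_groups(groups: list[dict]) -> list[str]:
    """Flag ingress rules that expose anything but the allowed ports to the world."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if ANY_CIDRS.isdisjoint(cidrs):
                continue  # internal-only rule, nothing to flag
            proto = perm.get("IpProtocol")
            if proto == "-1":  # "all traffic": no FromPort/ToPort in the record
                findings.append(f"{sg['GroupId']}: all traffic open to the internet")
                continue
            lo, hi = perm["FromPort"], perm["ToPort"]
            if not set(range(lo, hi + 1)) <= PUBLIC_ALLOWED_PORTS:
                findings.append(f"{sg['GroupId']}: {proto}/{lo}-{hi} open to the internet")
    return findings


def check_bucket_encryption(buckets: dict[str, dict | None]) -> list[str]:
    """buckets maps name -> get-bucket-encryption output, or None when the call
    failed with ServerSideEncryptionConfigurationNotFoundError."""
    findings = []
    for name, cfg in buckets.items():
        rules = (cfg or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
        algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
                 for r in rules}
        # SSE-S3 ("AES256") and SSE-KMS ("aws:kms") both encrypt with AES-256.
        if algos.isdisjoint({"AES256", "aws:kms"}):
            findings.append(f"s3://{name}: no default encryption at rest")
    return findings


def _redirects_to_https(listener: dict) -> bool:
    return any(a.get("Type") == "redirect"
               and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
               for a in listener.get("DefaultActions", []))


def check_listeners(listeners: list[dict]) -> list[str]:
    """Flag plaintext listeners (unless they only redirect to HTTPS) and
    HTTPS listeners whose policy still allows TLS 1.0/1.1."""
    findings = []
    for lst in listeners:
        arn = lst["ListenerArn"]
        if lst.get("Protocol") != "HTTPS":
            if not _redirects_to_https(lst):
                findings.append(f"{arn}: plaintext {lst.get('Protocol')} listener")
            continue
        policy = lst.get("SslPolicy", "")
        if not any(m in policy for m in TLS12_POLICY_MARKERS):
            findings.append(f"{arn}: policy {policy} permits TLS below 1.2")
    return findings


# --- constructed sample resources (not real infrastructure) ---
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
BUCKET_ENCRYPTION = {
    "mfp-prod-data": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "mfp-backups": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/mfp-backups"}}]}},
    "mfp-uploads-tmp": None,  # encryption call returned no configuration
}
LISTENERS = [
    {"ListenerArn": "listener/prod-https", "Protocol": "HTTPS", "Port": 443,
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06", "DefaultActions": [{"Type": "forward"}]},
    {"ListenerArn": "listener/prod-http", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    {"ListenerArn": "listener/legacy-https", "Protocol": "HTTPS", "Port": 443,
     "SslPolicy": "ELBSecurityPolicy-2016-08", "DefaultActions": [{"Type": "forward"}]},
    {"ListenerArn": "listener/legacy-http", "Protocol": "HTTP", "Port": 8080,
     "DefaultActions": [{"Type": "forward"}]},
]


def run_all() -> list[str]:
    return (check_security_groups(SECURITY_GROUPS)
            + check_bucket_encryption(BUCKET_ENCRYPTION)
            + check_listeners(LISTENERS))


if __name__ == "__main__":
    for finding in run_all():
        print("FAIL", finding)
```

Against the constructed sample, the check passes the HTTPS-only group, the internal-only SSH and database rules, both encrypted buckets and the port-80 listener that only redirects, and it reports the world-open SSH rule, the all-traffic IPv6 rule, the unencrypted bucket, the legacy TLS policy and the plaintext forwarding listener. Running a check like this on a schedule and keeping its output is what turns a statement such as "encryption at rest enabled by default" into audit evidence.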
Secure Development and Change Management
MyFamilyPlan employs structured software development and deployment practices to reduce risk and maintain platform stability.
- Private source code repositories
- Controlled access to repositories and deployment pipelines
- Pull request–based changes with review prior to production deployment
- Deployment activity logged for traceability
Logging, Monitoring, and Incident Response
Security monitoring and incident response processes are in place to detect and respond to potential security events in a timely manner.
- Centralized logging of infrastructure and application activity
- Monitoring for unauthorized access attempts and privileged changes
- Defined incident response procedures with documented escalation paths
- Maintenance of an incident log, including periodic confirmation that no incidents occurred during the period
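The monitoring bullets above name three things worth a rule each: unauthorized access attempts, privileged changes, and the audit trail itself. The following is an added example, not MyFamilyPlan's own detection content: four rules run over constructed CloudTrail-style events. Field names follow the CloudTrail record format, but the events, the placeholder account id, the ARNs, the IP addresses, the privileged-API list and the failed-login threshold and window are all constructed assumptions.

```python
"""Detection rules over CloudTrail-style events. Added example, not
MyFamilyPlan's tooling; events, ARNs, IPs and thresholds are constructed."""
from __future__ import annotations
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGIN_THRESHOLD = 3                   # assumption
FAILED_LOGIN_WINDOW = timedelta(minutes=10)  # assumption

# API calls that change who can do what, or that blind the audit trail
# (an assumed starting list, keyed by CloudTrail eventSource).
PRIVILEGED_EVENTS = {
    "iam.amazonaws.com": {"AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy",
                          "PutRolePolicy", "CreateAccessKey", "CreateUser",
                          "AddUserToGroup", "UpdateAssumeRolePolicy", "DeactivateMFADevice"},
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail"},
    "ec2.amazonaws.com": {"AuthorizeSecurityGroupIngress"},
}


def _when(event: dict) -> datetime:
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect(events: list[dict]) -> list[tuple]:
    """Return (rule, detail, actor) alerts in event-time order."""
    alerts = []
    failures = defaultdict(list)  # source IP -> timestamps of failed console logins
    for e in sorted(events, key=_when):
        ident = e.get("userIdentity", {})
        actor = ident.get("arn") or ident.get("userName") or ident.get("type")
        name, source = e["eventName"], e.get("eventSource")

        # Rule 1: any use of the root account is break-glass and must be reviewed.
        if ident.get("type") == "Root":
            alerts.append(("root_activity", name, actor))

        # Rule 2: repeated failed console logins from one IP inside a sliding window.
        if name == "ConsoleLogin" and e.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            ip = e.get("sourceIPAddress")
            seen = failures[ip]
            seen.append(_when(e))
            seen[:] = [t for t in seen if t >= _when(e) - FAILED_LOGIN_WINDOW]
            if len(seen) == FAILED_LOGIN_THRESHOLD:  # fire once, when the threshold is crossed
                alerts.append(("failed_console_logins", ip, len(seen)))

        # Rule 3: privileged changes to identities, policies or the audit trail.
        if name in PRIVILEGED_EVENTS.get(source, ()):
            alerts.append(("privileged_change", name, actor))

        # Rule 4: denied API calls are unauthorized access attempts worth a look.
        if e.get("errorCode") in ("AccessDenied", "UnauthorizedOperation"):
            alerts.append(("access_denied", name, actor))
    return alerts


# --- constructed sample events (placeholder account id, documentation IPs) ---
ACCOUNT = "123456789012"
ALICE = f"arn:aws:iam::{ACCOUNT}:user/alice"
BOB = f"arn:aws:iam::{ACCOUNT}:user/bob"
ROOT = f"arn:aws:iam::{ACCOUNT}:root"


def _login(when: str, ip: str, outcome: str, user: str = "alice") -> dict:
    return {"eventTime": when, "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
            "sourceIPAddress": ip, "userIdentity": {"type": "IAMUser", "userName": user},
            "responseElements": {"ConsoleLogin": outcome}}


EVENTS = [
    _login("2026-04-20T08:00:01Z", "203.0.113.9", "Failure"),
    _login("2026-04-20T08:01:10Z", "203.0.113.9", "Failure"),
    _login("2026-04-20T08:02:30Z", "203.0.113.9", "Failure"),  # third in 10 min -> alert
    _login("2026-04-20T08:03:00Z", "198.51.100.4", "Success"),
    {"eventTime": "2026-04-20T08:15:00Z", "eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
     "sourceIPAddress": "198.51.100.4", "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    {"eventTime": "2026-04-20T08:16:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.4", "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    _login("2026-04-20T08:30:00Z", "203.0.113.9", "Failure"),  # earlier failures aged out -> no alert
    {"eventTime": "2026-04-20T08:45:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetBucketPolicy",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "arn": BOB}, "errorCode": "AccessDenied"},
    {"eventTime": "2026-04-20T09:00:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "sourceIPAddress": "198.51.100.4", "userIdentity": {"type": "Root", "arn": ROOT}},
]

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

On the sample, the third failed login from 203.0.113.9 raises one alert and the fourth, half an hour later, does not, because the earlier failures have aged out of the window; the policy attachment and the denied S3 call each raise one alert; and the root-initiated StopLogging raises two, one for root use and one for tampering with the trail. Read-only calls such as DescribeInstances produce nothing, which is what keeps a rule set like this reviewable by a small administrator team.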
Third-Party and Vendor Security
MyFamilyPlan relies on a limited number of trusted third-party service providers. Vendor security is assessed using publicly available security documentation and risk-based evaluation.
- Amazon Web Services (AWS) for infrastructure hosting
- GitHub for source code management and deployments
Policies and Governance
MyFamilyPlan maintains foundational security policies that establish expectations for system access, data protection, and incident handling. These policies are reviewed periodically and expanded as the organization grows.
- Information Security Policy
- Access Control Policy
- Incident Response Policy
- Acceptable Use Policy
SOC 2 Readiness Roadmap
MyFamilyPlan is actively preparing for a future SOC 2 audit. Current controls are aligned with the SOC 2 Security criteria, and the organization plans to pursue a SOC 2 Type I assessment (control design at a point in time) followed by a Type II assessment (operating effectiveness over a review period) as operational maturity increases.
- Formalization of policies and procedures
- Expanded access reviews and evidence collection
- Third-party risk management enhancements
- Engagement of an independent SOC 2 auditor
Conclusion
Security and trust are core to MyFamilyPlan’s mission. By building on a strong security foundation and committing to continuous improvement, MyFamilyPlan demonstrates its dedication to protecting customer data and achieving recognized industry security standards.