SOC2 for Medplum

We at Medplum are pleased to share the news that we have recently completed our System and Organization Controls (SOC) 2 Type I audit.

Industry-Standard Accreditation

The SOC 2 audit is one the highest recognized standards of information security compliance in the world. It was developed by the American Institute of CPAs (AICPA) to allow a third-party auditor to validate a service company’s internal controls with respect to information security. Our SOC 2 Audited Report, which can be obtained upon request, is the auditor’s opinion on how our organization’s security controls meet the SOC 2 criteria.

We obtained our audited SOC 2 Report by partnering with Secureframe and Prescient Assurance who respectively helped us prepare for and review our internal controls including policies, procedures, and infrastructure regarding data security, firewall configurations, change management, logical access, backup management, business continuity and disaster recovery, security incident response, and other critical areas of our business.

Thanks to a company-wide effort here at Medplum, and with the help of our partners, we successfully achieved SOC 2 compliance and received an Auditor’s Report, which we are happy to share with you to demonstrate to you that our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria. A summary of our practices can be found in our security summary.

We go above and beyond the minimum requirements for SOC 2 by integrating our critical infrastructure to monitor compliance to the SOC 2 framework 24/7/354, not just during the audit window.

The successful completion of our SOC 2 Report is one of many ways that we have planned to earn and retain our customer's trust. SOC 2 is just one aspect of our growing security program. We are committed to continually improving our information security program and retaining an annual SOC 2 audit to ensure we keep supporting our customers’ needs.