Medplum Security

Security as a Company Value

Medplum’s security & compliance principles guide how we deliver our products and services, enabling people to simply and securely access the digital world.

Secure Personnel

Medplum takes the security of its data and that of its clients and customers seriously and ensures that only vetted personnel are given access to their resources.

Secure Development

Secure Testing

Medplum deploys third party penetration testing and vulnerability scanning of all production and Internet facing systems on a regular basis.

Cloud Security

Hosted Medplum provides maximum security with complete customer isolation in a modern, multi-tenant cloud architecture.

Hosted Medplum leverages the native physical and network security features of the cloud service, and relies on the providers to maintain the infrastructure, services, and physical access policies and procedures.

Application Security

Continuous Security Commitment


Medplum is committed to providing secure products and services to safely and easily manage billions of digital identities across the globe. Our external certifications provide independent assurance of Medplum’s dedication to protecting our customers by regularly assessing and validating the protections and effective security practices Medplum has in place.

SOC 2 Type 1

Medplum successfully completed the AICPA Service Organization Control (SOC) 2 Type I audit. The audit confirms that Medplum’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.

Medplum was audited by Prescient Assurance, a leader in security and compliance certifications for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provide risk management and assurance services which includes but not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, CSA STAR etc. For more information about Prescient Assurance, you may reach out them at

An unqualified opinion on a SOC 2 Type I audit report demonstrates to the Medplum’s current and future customers that they manage their data with the highest standard of security and compliance.


Customers can request access to the audit report.

Security Scorecard

Security Scorecard Logo

Report Vulnerabilities

Found a potential issue? Please help us by reporting it so we can fix it quickly.

Contact us at