Our Commitment to Security
Our #1 priority is your trust.
Medplum uses enterprise-grade security and regular audits to ensure you're always protected. We undergo regular penetration testing and security reviews designed to be SOC 2 compliant.
This commitment to security is ingrained in our culture.
- Encryption - Data is encrypted in transit with TLS 1.2. Data is encrypted at rest with AES.
- Continuous Monitoring - Independent third-party penetration, threat, and vulnerability testing.
- Data Handling - Medplum is in full compliance with GDPR and has support for data deletion.
- SSO - User access controls with single sign on.
- Secure Hosting - Medplum's cloud environments are backed by AWS' security measures.
- RBAC - Role based account access workflows.
Continuous Security Commitment
- Penetration Testing - We perform an independent third-party penetration test at least annually to ensure that the security posture of our services is uncompromised.
- Security Awareness Training - Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.
- Third-Party Audits - Our organization undergoes independent third-party assessments to test our security controls.
- Roles and Responsibilities - Roles and responsibilities related to our information security program and the protection of our customer's data are well defined and documented.
- Information Security Program - We have an information security program in place that is communicated throughout the organization. Our information security program follows the criteria set forth by SOC 2.
- Continuous Monitoring - We continuously monitor our security and compliance status to ensure there are no lapses.
Found a potential issue? Please help us by reporting it so we can fix it quickly.
Contact us at firstname.lastname@example.org