Our #1 priority is your trust.

Medplum uses enterprise-grade security and regular audits to ensure you're always protected. We undergo regular penetration testing and security reviews designed to be SOC 2 compliant.

This commitment to security is ingrained in our culture.

• Encryption - Data is encrypted in transit with TLS 1.2. Data is encrypted at rest with AES.
• Continuous Monitoring - Independent third-party penetration, threat, and vulnerability testing.
• Data Handling - Medplum is in full compliance with GDPR and has support for data deletion.
• SSO - User access controls with single sign on.
• Secure Hosting - Medplum's cloud environments are backed by AWS' security measures.
• RBAC - Role based account access workflows.

• Penetration Testing - We perform an independent third-party penetration test at least annually to ensure that the security posture of our services is uncompromised.
• Security Awareness Training - Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.
• Third-Party Audits - Our organization undergoes independent third-party assessments to test our security controls.
• Roles and Responsibilities - Roles and responsibilities related to our information security program and the protection of our customer's data are well defined and documented.
• Information Security Program - We have an information security program in place that is communicated throughout the organization. Our information security program follows the criteria set forth by SOC 2.
• Continuous Monitoring - We continuously monitor our security and compliance status to ensure there are no lapses.

Found a potential issue? Please help us by reporting it so we can fix it quickly.

Contact us at security@medplum.com