Medidata Security and Certifications

Medidata uses best-in-class security to protect our clients and the patients whose lives they improve. We employ a variety of approaches, including NIST 800 and CobIT™ security models, to secure our client’s systems. We verify the effectiveness of our controls by maintaining multiple certifications, including ISO27001:2013, FISMA, SOC-1, SOC-2, and we have FedRamp Approval To Operate (ATO) with several government agencies. We perform regular vulnerability assessments, penetration testing and third-party reviews of our environment.

Security White Paper

ISO 27001:2013

Medidata Service Organization Control documents are controlled documents, and are provided to our customers for the purpose of demonstrating control over our environment.  The organization accessing this document agrees to limit distribution to within the organization, affiliates and audit organizations. One (1) copy of this document may be retained so long as access is restricted.

SOC2 and Vulnerability Reports - Medidata Customers ONLY

For questions related to these documents, please contact Medidata at