Trust and Security Certifications

Trust and Transparency

The Unified Protection Strategy

The Unified Protection Strategy includes Medidata’s Information Security, Data Privacy, and Quality functions. Together, these functions ensure that Medidata has created a secure, stable, and scalable cloud platform, robust data governance processes, and an inspection-ready quality management system. Taken together, these are critical enablers of success in clinical trial execution.

Information Security

Medidata’s Information Security Program uses the principle of “Security by Design”: control is built in at the design phase. By using the most advanced technologies and techniques, we are able to protect your data against the newest threats in a world of increasing risk. Encryption everywhere, Data Loss Prevention, malware protection at both the platform level and the perimeter, multi-factor hardened systems, and proprietary techniques are tested continuously and validated regularly by independent testers.

Data Privacy

We have gone beyond legal requirements with an integrated data governance program to ensure oversight and accountability across all processing of your data. We work closely with you, your partners, and in industry groups to understand Data Privacy concerns and continue to develop solutions that scale to your organization’s needs. This commitment shows: Medidata is one of the first life sciences companies to achieve ISO 27018 certification for protecting Personally Identifiable Information (PII) in the cloud.

Quality Management

Medidata is committed to continuously improving quality within the global regulatory landscape. We maintain a robust and inspection-ready Quality Management System inclusive of policies and procedures to ensure that our software products and services are developed, implemented, and maintained in a manner that meets the needs and expectations of our clients and ensures compliance with applicable regulatory requirements.

Medidata Maintains a Comprehensive Set of Certifications and Attestations to Validate Our #1 Value of Trust


We at Medidata take stewardship of patient data very seriously. In addition to our robust GDPR compliance program, we have among the first independent ISO certifications for privacy and the most robust SOC2 over Privacy in the life sciences industry. We focus on the most stringent standards in the market, not just reaching the minimum requirements by law. Privacy protection is built into the entire service lifecycle at Medidata. From our GDPR-ready Data Processing Exhibit and integrated Privacy-by-Design process to our industry-leading Data Governance program, Medidata is committed to positive accountability for how we steward your sensitive clinical trial data anywhere on our platform.


Security at Medidata is the highest priority. We lead the industry in security and compliance using state-of-the-art technology and techniques, coupled with a strategy that supports our scalable, secure, and stable environment. Customers can be confident knowing we hold over twelve security certifications and six agency certifications, and are built on four highly valued frameworks. We are continuously improving our security capabilities and educating our workforce with the latest techniques focused on protecting customer and patient data.


Medidata takes a proactive approach in providing its customers with transparency and visibility into our robust governance, risk, and compliance environment. In addition to our various security- and privacy-related certifications, Medidata produces a SOC2+ report that covers (but is not limited to) the following areas:

  • Quality Management System
  • Security (e.g., physical, logical)
  • IT Hosting operations (e.g., system monitoring, disaster recovery)
  • Software Development Life Cycle
  • Data Integrity (e.g., Electronic Record/Electronic Signatures)

When it comes to meeting strict industry guidelines, Medidata has done the work.

Our Regulatory Compliance space contains documented position statements outlining how Medidata achieves compliance with key regulations such as ICH E6 (R2), 21 CFR Part 11, EU GMP Annex 11 and the Japan MHLW.