Trust and Security Certifications

Trust and Transparency

The Unified Protection Strategy

The Unified Protection Strategy includes Medidata’s Information Security, Data Privacy, and Quality functions. Together, these functions ensure that Medidata has created a secure, stable, and scalable cloud platform, robust data governance processes, and an inspection-ready quality management system, which, taken together, are critical enablers of success in clinical trial execution.

Information Security

Medidata’s Information Security Program uses “Security by Design”: control is built in at the design phase. By using the most advanced technologies and techniques, we are able to protect your data against the newest threats in a world of increasing risk. Encryption everywhere, Data Loss Prevention, malware protection at both the platform level and the perimeter, multi-factor hardened systems, and proprietary techniques are tested continuously and validated regularly by independent testers.

Data Privacy

We have gone beyond legal requirements with an integrated data governance program to ensure oversight and accountability across all processing of your data. We work closely with you, your partners, and in industry groups to understand Data Privacy concerns and continue to develop solutions that scale to your organization’s needs. This commitment shows: Medidata is one of the first life sciences companies to achieve ISO 27018 certification for protecting Personally Identifiable Information (PII) in the cloud.

Quality Management

Medidata is committed to continuously improving quality within the global regulatory landscape. We maintain a robust and inspection-ready Quality Management System inclusive of policies and procedures to ensure that our software products and services are developed, implemented, and maintained in a manner that meets the needs and expectations of our clients and ensures compliance with applicable regulatory requirements.

Medidata Maintains a Comprehensive Set of Certifications and Attestations to Validate Our #1 Value of Trust


We at Medidata take stewardship of patient data very seriously. In addition to our robust GDPR compliance program and Privacy Shield certification, we have among the first independent ISO certifications in the life sciences industry for data privacy. We focus on the most stringent standards in the market, not just reaching the minimum requirements by law. Privacy protection is built into the entire service lifecycle at Medidata. From our GDPR-ready Data Processing Exhibit and integrated Privacy-by-Design process to our industry-leading Data Governance program, Medidata is committed to positive accountability for how we steward your sensitive clinical trial data anywhere on our platform.


Security is at the forefront of our offering. We lead the industry in our controls posture, with our strategy supporting our scalable, secure and stable environment. The security team of 30 staff professionals, with an average Information Security experience of twelve years, brings both depth and the newest practices to bear, with 35 individual certifications, six third-party certifications and a control regime based on four widely accepted frameworks.


Medidata takes a proactive approach in providing its customers with transparency and visibility into our robust governance, risk, and compliance environment. In addition to our various security and privacy-related certifications, Medidata produces a SOC2+ report that covers (but is not limited to) the following areas:

  • Quality Management System
  • Security (e.g., physical, logical)
  • IT Hosting operations (e.g., system monitoring, disaster recovery)
  • Software Development Life Cycle
  • Data Integrity (e.g., Electronic Record/Electronic Signatures)

When it comes to meeting strict industry guidelines, Medidata has done the work.

Our Regulatory Compliance space contains documented position statements outlining how Medidata achieves compliance with key regulations such as ICH E6 (R2), 21 CFR Part 11, EU GMP Annex 11 and the Japan MHLW.