Sharing and Security
      Back to home
      1. Pluto Knowledge Base
      2. Sharing and Security

      Is Pluto SOC2 Type II compliant?

      Yes, Pluto offers both SOC2 Type I and II reports & performs continuous monitoring

      Written by Daniel Shin

       

      Data security & privacy is our top priority

      At Pluto, we’ve built a strong foundation of data security and privacy into our platform from day one. We take pride in our role helping life sciences organizations of all sizes meet their data protection and compliance requirements.

      SOC2

      Pluto offers AICPA System and Organization Controls (SOC) 2 Type I and II reports, and performs automated, continuous monitoring on adherence to 50+ SOC 2 controls. Detailed, real-time reports showing Pluto’s status are available at our Trust Center.

      Penetration testing

      In addition to compliance audits, Pluto’s web application, API, and other services undergo annual penetration testing by GIAC Web Application Penetration Tester (GWAPT)-certified testers on an annual basis to identify vulnerabilities within the web application or cloud infrastructure based on OWASP & NIST industry standards.

      Data privacy

      Pluto is committed to user privacy and provides a high standard of privacy protection to all our users and customers. We apply stringent individual privacy protections through the use of role-based permissions and access controls, in accordance with Pluto’s data security and privacy controls.

      More information

      Please visit our Security page for more information, or to download a copy of our latest security white paper.

      Additional questions or performing a vendor audit? Feel free to contact security@pluto.bio and we'd be happy to help.