Is Pluto SOC2 Type II compliant?

Yes, Pluto offers both SOC2 Type I and II reports & performs continuous monitoring

Written by Daniel Shin


Data security & privacy is our top priority

At Pluto, we’ve built a strong foundation of data security and privacy into our platform from day one. We take pride in our role helping life sciences organizations of all sizes meet their data protection and compliance requirements.


Pluto offers AICPA System and Organization Controls (SOC) 2 Type I and II reports, and performs automated, continuous monitoring on adherence to 50+ SOC 2 controls. Detailed, real-time reports showing Pluto’s status are available at our Trust Center.

Penetration testing

In addition to compliance audits, Pluto’s web application, API, and other services undergo annual penetration testing by GIAC Web Application Penetration Tester (GWAPT)-certified testers to identify vulnerabilities within the web application or cloud infrastructure, based on OWASP and NIST industry standards.

Data privacy

Pluto is committed to user privacy and provides a high standard of privacy protection to all our users and customers. We apply stringent individual privacy protections through the use of role-based permissions and access controls, in accordance with Pluto’s data security and privacy controls.

More information

Please visit our Security page for more information, or to download a copy of our latest security white paper.

Have additional questions, or performing a vendor audit? Feel free to contact us and we'd be happy to help.