Why CIOs Trust Cayuse the Most

Cayuse’s commitment to security, availability, and privacy

AICPA SOC-2 badge

Billions of dollars’ worth of research is managed through Cayuse. That’s why we’ve taken a no-compromise approach to security, availability, and privacy. Cayuse combines industry-leading cloud technology, a highly trained and experienced staff, adherence to strict industry standards, and the flexibility to meet a variety of customer requirements. The following is a brief overview of our systems and policies that meet the industry’s gold standards. To see the first 10 pages of the 50+ page audit report, click here. We’re happy to share more when your team desires.

Secure Cloud Infrastructure

Cayuse’s 24/7 SaaS engineering infrastructure is installed in the appropriate global region of Amazon Web Services (AWS) cloud infrastructure with the highest level of security-controlled and monitored physical access, redundant high-speed networking, and enterprise-class operational safeguards.

Amazon facilities are audited to SSAE 16, SOC 2, PCIA standards, as well as many other standards. They are ISO 27001 certified, and they comply with HIPAA requirements. Each AWS region has multiple layers of physical and virtual security and is not accessible by any customer.

Powered by AWS

Unrivaled Security Services

Security is at the forefront of Cayuse’s technology planning. We follow industry best practices for configuration management, login authorization processes, centralized authentication and logging, monitoring and alerting to on-call personnel, as well as secure host access and administration.

We use various levels of firewalls on our corporate network as well as AWS security infrastructure to ensure access only to authorized services and people.


Additional security services we provide:

Access management
Detective controls
Infrastructure protection
Data protection
Incident response
Patch management
Vulnerability remediation
Malware management
Security monitoring

Best-In-Class Availability

We have fully documented and successfully been audited for an extensive set of processes that ensure best-in-class availability.

All servers are monitored at all times for processes, load, performance, services, users, network I/O, CPU/memory, and more. We use an external monitoring service to monitor external availability of all of our customer applications from multiple locations throughout the U.S.

All databases and file attachments are backed up nightly, and snapshots are taken every 30 minutes of all database servers to allow for prompt, point-in-time recovery of systems and services. We also have documented policies and processes for recovering backup data in the event of a catastrophic incident at an AWS region.

We also have environmental protections with controls in place for incidents like electrical systems, fire detection, climate control, and water leakage to ensure we’re the most highly available platform on the market.

Cayuse status page

Uptime Transparency

We believe success is built on trust, and that starts with transparency. We’re the only vendor with an open status page that provides realtime incident reports and 90-day historical metrics on product availability and performance.

Confidential & Encrypted Data Transmissions

Data transmissions between Cayuse and our customers are encrypted in accordance with the Advanced Encryption Standard (AES).

Before we share any information, we obtain formal authorizations based on confidentiality commitments and requirements applicable to all related parties and vendors.

AICPA logo

More About SOC Certification

Service Organization and Controls (SOC) reports provide an industry-wide acknowledgment that a company adheres to trust service principles.

These principles and controls are set by the American Institute of Certified Public Accountants (AICPA). SOC reports deliver valuable information that can be used to assess the quality of security provided by vendors.

See a Sample of Our SOC 2 Audit Report