Dotmatics

Dotmatics Trust Center

The Dotmatics Trust Center portal offers comprehensive information and documentation on security, privacy, compliance (including GDPR, ISO standards, and PCI DSS), risk management, product and application security, data protection, ESG initiatives, legal agreements, and continuous monitoring for the Dotmatics ELN & Data Discovery products. It also carries updates on recent security advisories, such as the December 2025 vulnerabilities CVE-2025-55182 and CVE-2025-66478 affecting React server components.

Welcome to the Dotmatics Trust Center for Dotmatics ELN & Data Discovery. This portal provides artefacts and information to help customers and partners understand the security, privacy, quality, and compliance posture of these products.

Compliance

Dotmatics maintains compliance with several standards and regulations, including:

  • CCPA
  • CPRA
  • GDPR
  • ISO 9001:2015
  • ISO/IEC 27001
  • ISO/IEC 27001 SoA
  • PCI DSS

Documents

Available documents include:

  • Network Diagram
  • Penetration Test Report - ELN & DD
  • ISO 9001:2015 Compliance
  • ISO/IEC 27001 Compliance
  • ISO/IEC 27001 SoA Compliance
  • Data Privacy Terms
  • Anti-Modern Slavery (UK)

Risk Profile

  • Hosting information

Product Security

  • Integration Security
  • SSO Support

Reports

  • Network Diagram
  • Penetration Test Report - ELN & DD

Self-Assessments

Dotmatics is working on security compliance and can provide completed questionnaires upon request.

Data Security

  • Data Backups
  • Data Erasure
  • Encryption-at-rest

Application Security

  • Application Penetration Testing
  • Code Analysis
  • Credential Management

ESG (Environment, Social, Governance)

  • Anti-Modern Slavery (UK)
  • Whistleblowing Program

Legal

  • Data Privacy Terms
  • Subprocessors
  • Data Processing Agreement

Data Privacy

  • Cookies
  • Data Protection Officer
  • Employee Privacy Training

Access Control

  • Status Monitoring
  • Amazon Web Services

Corporate Security

  • Information Security Policy

Continuous Monitoring

Knowledge Base (FAQ)

  • Is Dotmatics Platform validated or GxP compliant?

Trust Center Updates

Customer Security Advisory: CVE-2025-55182 and CVE-2025-66478

Date: 5 December 2025

Dotmatics provides updates regarding two recently disclosed vulnerabilities in the JavaScript ecosystem: CVE-2025-55182 and CVE-2025-66478.

1. CVE-2025-55182 React Server Components

On 3 December 2025, Dotmatics became aware of a vulnerability affecting certain React server-side packages. After an internal review, no products were found to use the affected components.

2. CVE-2025-66478 Next.js (downstream impact)

Dotmatics identified that two products (Luma and Sigma components) used affected Next.js versions. Standard vulnerability response procedures were initiated, including patching, testing, and deployment. All remediation activities were completed by 4 December 2025. No abnormal or unauthorized activity was detected.

3. Customer Guidance

No customer action is required at this time. Dotmatics will continue to monitor for updates and communicate as necessary.

Dotmatics Not Affected By MOVEit Vulnerabilities

Date: June 22, 2023

Dotmatics has reviewed its software and confirms it does not run MOVEit file transfer software and is not impacted by related vulnerabilities.

Welcome to the Dotmatics Trust Center

Date: April 25, 2023

Dotmatics announces the launch of its customer-facing, self-service Trust Center for documents and answers on security, privacy, and compliance matters. For assistance or to report a vulnerability, customers are encouraged to contact support or report issues via the provided email addresses.