Security is a critical aspect of regulated content management. Protecting company proprietary information and staying in compliance with regulations like 21 CFR Part 11 are incredibly important. Vault has a number of security features designed to support these goals, from authentication & other security features, to system activity auditing and reporting.
Our goal is to give you complete peace of mind that your regulated content is safe with us. How do we do that? There are a number of dimensions to our security architecture, described below in more detail.
- Physical Security: Physical security ensures that no unauthorized people can access the servers where your data is stored. Our servers are located at world class data centers with sophisticated multi-factor security measures like biometrics. Our data centers have received SAS 70 Type II certifications, meaning that they have been certified by a third party to have controls in place to ensure a secure environment for data, and data center employees have gone through background checks.
- Network Security: Network security ensures that nobody can intercept your data in transit between your browser and the Vault servers. We accomplish this by encrypting all communications between your browser and the Vault servers using Transport Layer Security (TLS). You can tell by looking at the address bar in your browser: you should see “https” rather than “http” at the beginning of the URL. Vault servers are also protected behind a firewall that only allows access through specific ports. Vault supports TLS 1.2.
- Authentication: Authentication ensures that only people who are authorized to access your Vault can do so. They must log in and prove their identity by providing a password. They may also access your Vault through a Single Sign-on service or using delegated authentication through Salesforce.com.
- Access Control & Authorization: Various features ensure that Vault users only have access to the functions, documents, and object records that are appropriate for their roles and responsibilities. These include security profiles that control access to certain functions, document roles that control access to view and perform actions on documents, and object record roles that control access to view and perform actions on specific object data records.
- Audit Trail & Logs: Audit trail ensures that you have full visibility into what is going on in your Vault. It allows you to monitor a range of activity, including logins, Vault configuration changes, and document changes.