Data security is paramount for Veeva and our customers. Veeva protects customer data with world-class physical, network, application, and data-level security.

Veeva maintains a comprehensive security program based on ISO 27001 to ensure the confidentiality, integrity, and availability of customer data. Veeva is committed to ensuring our services are available for operation and use at times set forth in service-level agreements, protected against unauthorized physical and logical access – including biometric entry authentication and 24/7/365 onsite monitoring – and that our system processing is complete, accurate, timely, and authorized.

Veeva regularly passes rigorous third-party compliance audits of our robust security, confidentiality, and availability controls. Veeva now publishes a Service Organization Controls 2 (SOC 2) Type II report under the Security and Availability Trust Service Principles (TSPs). Veeva data centers and service providers also publish SSAE16 SOC1 Type II and SOC3 (SysTrust) reports. These reports confirm that Veeva delivers fully secure and reliable, high quality operating standards in its data center operations, including provisioning, management and monitoring of the hardware, network, and firewall. All of these reports are for limited distribution and shared under confidentiality agreement (CDA). Please direct all requests through your Veeva Account Executive or Customer Service Representative.
Skyhigh Networks performs objective and thorough evaluations of the enterprise-readiness of cloud service based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Services designated as Skyhigh Enterprise-Ready are the services receiving the highest CloudTrust™ Ratings, which fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.