Trust

Security

Data security is paramount for Veeva and our customers. Veeva protects customer data with world-class physical, network, application, and data-level security.

Veeva maintains a comprehensive security program based on ISO 27001 to ensure the confidentiality, integrity, and availability of customer data. Veeva is committed to ensuring our services are available for operation and use at times set forth in service-level agreements, protected against unauthorized physical and logical access – including biometric entry authentication and 24/7/365 onsite monitoring – and that our system processing is complete, accurate, timely, and authorized.

SERVICE ORGANIZATION CONTROLS
Veeva regularly passes rigorous third-party compliance audits of our robust security, confidentiality, and availability controls. Veeva publishes a Service Organization Controls 2 (SOC 2) Type II report under the Security and Availability Trust Service Principles (TSPs). Veeva data centers and service providers also publish SSAE16 SOC1 Type II and SOC3 (SysTrust) reports. These reports confirm that Veeva delivers fully secure, reliable, and high-quality operating standards in its data center operations, including provisioning, management, and monitoring of the hardware, network, and firewall. All of these reports are for limited distribution and are shared under a confidentiality agreement (CDA). Please direct all requests through your Veeva Account Executive or Customer Service Representative.
ISO (International Organization for Standardization) 27001
Veeva has achieved ISO (International Organization for Standardization) 27001 certification for our Information Security Management Systems (ISMS) and aligned with ISO 27018 for privacy controls, covering various Veeva products and supporting infrastructure as described in Veeva’s certificate. ISO 27001 is a globally recognized security standard that provides a guideline for the policies and controls that an organization has in place to secure its data. The standard sets out internationally agreed-upon requirements and best practices for a systematic approach to the development, deployment, and management of a risk/threat-based information security management system. ISO 27018 is an international code of practice that focuses on privacy controls for cloud providers.
SKYHIGH NETWORKS
Skyhigh Networks performs objective and thorough evaluations of the enterprise-readiness of cloud services based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Services designated as Skyhigh Enterprise-Ready are the services receiving the highest CloudTrust™ Ratings, which fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.