Veeva is a company devoted to providing software-as-a-service (SaaS) to clients in the life sciences sector who wish to utilize mobile and outsourced cloud-based solutions. Information is a strategic asset of Veeva. Unauthorized or inadvertent alteration, disclosure, or unavailability of information could severely result in damage to Veeva’s business activities and reputation. Moreover, Veeva as a data processor is the custodian of customer information that can be both confidential and sensitive.
Veeva follows a process approach in developing, implementing, and improving upon the effectiveness of its quality system. This approach is based on the “Plan, Do, Check, Act” philosophy. The ISMS program leverages the ISO 9001 framework of the QMS, including risk management, change and configuration management, CAPA, resource management and document management. Veeva’s ISMS program is certified against ISO27001:2013 and Trust Service Principles (SOC2). Veeva’s QMS program is certified against ISO9001:2015.
Penetration Testing
Veeva contracts a third party to perform annual white-box penetration testing.
Summary reports are made available within ComplianceDocs.
Other Useful Documents
Veeva’s Certificates can be found here