Built for the data auditors read line-by-line.
V5 Ultimate stores eBMRs, eDHRs, complaints, CAPAs and operator e-signatures — the records a regulator opens first. We engineer security as if the next FDA inspector is reading the database tomorrow. Because eventually one is.
What we protect, how we protect it
Encryption — in transit and at rest
TLS 1.2+ on every connection. AES-256 at rest for database, file storage and backups. On-Premises customers own their encryption keys via your KMS — we never see them.
Identity — SAML SSO + SCIM 2.0
Self-serve SAML 2.0 against any IdP (Okta, Entra ID, OneLogin, Google Workspace SAML, JumpCloud). SCIM 2.0 auto-provisioning — deprovision in your IdP and V5 atomically revokes sessions, roles and membership the same second.
Access control — RBAC + workspace isolation
Roles are stored in a separate user_roles table (not on profiles) to prevent privilege escalation. Every query is RLS-scoped per tenant via security-definer SQL functions. Platform admin gated by hard-coded email allowlist.
Audit trail — immutable, queryable, Part 11
Every signature, every override, every regulated record write lands in an immutable audit table with operator, timestamp, IP, reason, before/after hash. Surfaceable in compliance reports — never edited, never deleted.
Monitoring & incident response
24/7 monitoring on production. Anomalies (failed sign-ins, SCIM token misuse, unusual export volume) page on-call. Documented incident-response runbook; customer notification on confirmed incidents per contract.
Deployment — Cloud or On-Premises
Cloud is hosted on hardened infrastructure with multi-region failover and continuous backup. On-Premises ships as signed containers you stage in your data centre — air-gap capable, customer-owned database and keys.
The checklist your security team will ask for
Application controls
- Two e-signatures (preparer + independent reviewer) on formula and master document approval — same-person approvals rejected per 21 CFR 211.186 / 111.205.
- Immutable approved formulas — edits create v+1 and the previous version stays read-only.
- Operator-only users locked to /app/kiosk — no admin UI access.
- Hard kiosk gating — operator cannot start a task if assigned required training docs are overdue or unacknowledged.
- Out-of-calibration devices refuse to write to any regulated record.
Platform controls
- Row-Level Security on every tenant-scoped table; security-definer functions for cross-tenant operations.
- Service-role database key isolated to server-side admin operations; never bundled to client.
- Secrets stored in encrypted secret manager; rotated on schedule.
- Annual third-party penetration test; reports available under NDA.
- SOC 2-ready control set (Cloud deployment); On-Premises customers inherit by deploying in their accredited environment.
Data residency & ownership
- Cloud: choose data residency at workspace creation (US / EU on request).
- On-Premises: data never leaves your environment — air-gap capable.
- Customer-owned export: every regulated record exportable as signed PDF + machine-readable JSON.
- No customer data used to train AI models. AI inference can be pointed at your private endpoint on On-Premises.
We answer security questionnaires without flinching.
Pen-test summaries, SOC 2 control mapping, data-flow diagrams, sub-processor list, DPA and standard contractual clauses — available under NDA. Most enterprise security reviews close in a week.