Why choose Datasite?

Our company-wide organizational security policies and procedures include:

• Regular and mandatory training for all employees in security awareness and data privacy.
• All employees must adhere to Datasite's Code of Conduct and Confidentiality Agreements, and affirm these annually.
• Software Engineering staff must also complete annual training in secure coding.
  
• Annual testing of our security incident response. This includes external and internal notifications, escalation procedures and communications criteria.
• Program to allow security researchers to find and inform us of vulnerabilities.
• An Access Management Standard, based on roles and responsibilities, requires quarterly review and documented approval. In the event of termination, access is removed within 24 hours.
• Infrastructure and application penetration testing conducted by an industry-recognized third party.

• Datasite runs securely on Microsoft Azure.
• Microsoft Azure has built-in data redundancy (i.e. multiple backups in multiple locations).
• All Datasite locations are secured with key card access. Critical infrastructure components are additionally segregated.
• Suppliers must be registered for access to office premises. Suppliers are always accompanied by Datasite personnel when on the premises.

• User information, app data, and logs are stored and maintained separately.
• Passwords are encrypted.
• Events are captured, monitored, and actioned in real time.
• Infrastructure penetration testing done by industry-recognized third party.
• File destruction begins at 30 days post project closure and meets NIST 800-88 guidelines.
• Platform data secured in transit using TLS 1.2 encryption.
• Data at rest secured with AES 256 encryption.
• Vulnerability scans conducted regularly.
• Cloudflare Web Application Firewall (WAF) monitors for malicious events
• Cloudflare DDOS protection detects and mitigates distributed denial-of-service attacks

Every Datasite product is built around rigorous security. You can execute deals end-to-end without leaving the security and comfort of the project environment. Key features include:

• One secure environment for all deal activity, including sourcing, marketing, preparation, due diligence, negotiation, closing, PMI and value capture. Data never leaves the secure space.
• Application Code is regularly scanned through the deployment process to ensure any vulnerabilities are found.
• Securely manage every phase of due diligence, including Q&A, analytics and redaction.
• Give project subject-matter experts limited admin rights to upload and publish documents.
• Protect documents from unauthorized copying with advanced watermarking.
• Control access to content down to the word-level with embedded redaction.
• Turn on, turn off, and update granular user permissions.
• Set and verify permissions prior to inviting users to your project.
• Manage permissions—whether real time or staged— by user, group, or document.
• Utilize biometric security on mobile devices.
• Change permissions for your users from your mobile device.
• Control the content of your project access disclaimers, as well as how often they’re accepted.
• Elect to set up single sign on (SSO) at an organization level to streamline and secure access to projects.
• Opt for Multifactor Authentication (MFA) as an additional layer of identity verification to increase security.
• Share content with reviewers securely, while maintaining full control over it via Information Rights Management (IRM).

Datasite is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct. Datasite maintains policies that establish expected behaviors of its employees and contractors in relation to the collection, use, retention, transfer, disclosure and destruction of any personal data belonging to a Datasite user, employee or customer.

Information on how Datasite processes personal data can be reviewed here.

• Datasite complies with the European Union (EU) General Data Protection Regulation (GDPR). 
• Datasite complies with with the Australian Privacy Principles (APP).
• Datasite complies with the California Privacy Rights Act (CPRA).
• All customer files are only hosted in source regions with hosting centers in US, Germany and Australia.  

• Datasite products are ISO 27001 certified since 2007.
• Datasite products are also ISO 27017, 27018, and 27701 certified.
  
• Datasite products obtain a SOC 2 Type II attestation on an annual basis.