Security & Compliance

Trust, privacy, compliance and security are central to everything we do at Datasite. For over 25 years you have entrusted us with your most sensitive information. We take this responsibility seriously, continuously investing in industry-leading security across all aspects of our business.

Why do dealmakers trust Datasite?

Security Icon

Security

Know your data is secure with Datasite. We have embedded security at every level: platform, processes and people.

Privacy Icon

Privacy

For over 25 years you have entrusted us with your most sensitive information. We take this responsibility seriously, continuously investing in industry-leading security across all aspects of our business.

Compliance

Compliance

Datasite commits to the highest global standards to bring you the best in technology and security. Wherever you are in the world, we help you get your deal done right.

Security

Security Culture

Datasite has invested in an industry-leading security culture, led by our Chief Information Security Officer (CISO). Our company-wide organizational security policies and procedures include:

  • Regular and mandatory training for all employees in security awareness and data privacy.
  • All employees must adhere to Datasite's Code of Conduct and Confidentiality Agreements, and affirm these annually.
  • Research and development staff must also complete annual training in secure coding.
  • Annual testing of our security incident response. This includes external and internal notifications, escalation procedures and communications criteria.
  • Program to let white hat hackers inform us of vulnerabilities.
  • An Access Management Standard based on roles and responsibilities, requiring quarterly review and documented approval. In the event of role change or termination, access is removed within 24 hours.
Physical Security
  • Datasite runs securely on Microsoft Azure.
  • Microsoft Azure has built-in data redundancy (i.e. multiple backups in multiple locations)
  • All Datasite locations are secured with key card access. Critical infrastructure components are additionally segregated
  • Suppliers must be registered for access to office premises. Suppliers are always accompanied by Datasite personnel when on the premises.
Platform Security
  • User information, app data, and logs are stored and maintained separately.
  • Passwords are encrypted
  • Customer files are backed-up and encrypted
  • Data in-transit is fully secured
  • Events are captured, analyzed, and actioned in real time.
  • Perimeter defenses includes reverse proxy and a proactive multi-layer network.
  • Infrastructure penetration testing done by industry-recognized third party.
  • Documents are converted to secure formats
  • Files are purged 30 days after close
Application Security

Every Datasite product is built around ironclad security. You can execute deals end-to-end without leaving the security and comfort of the project environment. Key features include:

  • One secure environment for all deal activity, including sourcing, marketing, preparation, due diligence, negotiation, closing, PMI and value capture. Data never leaves the secure space.
  • Securely manage every phase of due diligence, including Q&A, analytics and redaction.
  • Give subject-matter experts limited admin rights to upload and publish documents.
  • Protect documents from unauthorized copying with advanced watermarking.
  • Control access to content down to the word-level with embedded redaction.
  • Turn on, turn off, and update granular user permissions 
  • Stage permissions prior to inviting users
  • Manage permissions—whether real time or staged— by user, group, or document
  • Set automatic and periodic password resets
  • Check in with two-factor authentication on all platforms—and biometric security on mobile devices.
  • Change permissions for your users from your mobile device.
  • Control the content of your project access disclaimers, as well as how often they’re accepted.
  • Single sign-on (SSO): You can access projects via SSO to improve efficiency and productivity
  • Multi-Factor Authentication (MFA): You can add an additional layer of identity verification to increase security
  • Information Rights management (IRM): Share content with reviewers securely, while maintaining full control over it
Data / Content Security
  • All documents converted to secure formats
  • Back-up and encryption for your files
  • All your files purged 30 days after project close
  • User data secured in transit using TLS 1.2 Encryption
  • Data at rest secured with AES256 encryption
Vulnerability Assessment
  • Infrastructure and application penetration testing conducted by an industry-recognized third party.
  • Regular vulnerability scans
  • Endpoint security is bolstered with third-party tools

Privacy

Data Privacy Statement

Datasite is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct. Datasite maintains policies that establish expected behaviors of its employees and contractors in relation to the collection, use, retention, transfer, disclosure and destruction of any personal data belonging to a Datasite user, employee or customer.

Information on how Datasite processes personal data can be reviewed here.

Global Privacy

Compliance

Compliance
  • Datasite products are ISO 27001 certified since 2007
  • Datasite products are also ISO 27017 and 27018 certified
  • Our infrastructure provider is ISO 27001 certified and has obtained a SOC2 Type II attestation
  • Datasite products obtain a SOC 2 Type II attestation on an annual basis

 

  • We are Datasite

    The best people. And the best technology – a SaaS platform that works across the M&A lifecycle. However you do your deals. This is the place to make them.

  • Datasite Help Center

    Questions about Datasite, M&A, or Data Rooms? We have the answers for you.