Information security is an integral part of the Viedoc offering. Preserving the confidentiality, integrity and availability of your data, and keeping your confidence in that we do so, means everything to us.
 

On this page we collect information about current status, as well as planned improvements, of the Viedoc services in terms of information security and protection of privacy.
 



Update to Service Level Agreement 
due September 27, 2020

 

Discontinued support for TLS 1.0 and 1.1

Transport Layer Security (TLS) is a critical security protocol used to protect web traffic. It provides confidentiality and integrity of data in transit between clients and servers exchanging (often sensitive) information. To best safeguard this data, it is important to use modern and more secure versions of this protocol.

Viedoc currently supports TLS 1.0, 1.1 and 1.2. TLS 1.2 was published over a decade ago to address weaknesses in TLS 1.0 and 1.1 and has enjoyed wide adoption since then. Apple, Google, Microsoft and Mozilla have all either recently disabled, or are soon due to disable, support for these two broken versions 1.0 and 1.1 of the protocol in their latest versions of their respective browsers.

Our statistics show that during the past year 0.1% - 0.6% of users, depending on Viedoc instance and region, have connected using any of these two deprecated protocols and thus may be impacted by this discontinuation. The forecast is that within another six months from now these numbers will rapidly decrease due to efforts of the industry to phase these protocols out.

Discontinued support for Internet Explorer 8, 9 and 10

Microsoft ended general support for Internet Explorer version 10 on January 12, 2016. Yet many organizations have struggled with phasing it out, including even the prior versions 9 and 8. Our statistics show that during the past year the usage of Internet Explorer 8, 9 and 10 have been 0.1 - 0.4%, depending on Viedoc instance and region. The time is here to favour increased information security and discontinue the support for these versions.

Adding support for Edge, updating other browser version numbers to reflect TLS discontinuation

Microsoft Edge is already informally supported, but as we’re updating the SLA we’ll take the opportunity to add it as formally supported. The list of supported browsers and their versions will be as follows:

  • version 11 or later of Internet Explorer 
  • version 30 or later of Chrome 
  • version 7 or later of Safari 
  • version 27 or later of Firefox 
  • version 79 or later of Edge (Chromium) 

The exception concerning the Medical Coding feature in Viedoc 3 will be changed to: supported in all of the above but requires compatibility mode when Internet Explorer is used.
 



Update to authentication infrastructure
due December 1, 2020

 

Replacement of OTP physical tokens with email and SMS

To further strengthen the stability, availability and security of the Viedoc platform we are retiring the now 10+ years old Entrust OTP physical token system, used as second factor to authenticate Viedoc 3 Project Controller administrators, and replacing it with email and SMS based 2FA.

The option to use email or SMS as second factor when authenticating VPC administrators have been available in parallel to the physical token system for several years. After entering username and password, instead querying the OTP physical token for a code, for accounts that have any of the email or SMS options enabled, a button to receive a code appears. After pressed, the code is sent to your email or phone, and should then be entered on the login page.

The physical token system will be retired on December 1, 2020, but we encourage VPC administrators to contact your Viedoc support representative at your earliest convenience to arrange with a switch to email or SMS authentication.

Viedoc is compliant with and/or a registered provider of the following regulatory systems: GDPR, FDA 21 CFR Part 11, ICH GCP, GAMP 5, HIPAA and CDISC.

Don’t hesitate to contact us if you would like to know more about Viedoc’s fulfilment of a specific regulation or audit us.