Information security is an integral part of the Viedoc offering. Preserving the confidentiality, integrity, and availability of your data, and keeping your confidence in that we do so, means everything to us.

On this page, we collect information about current status, as well as planned improvements, of the Viedoc services in terms of information security and protection of privacy.



US Instance launched, effective 2023-10-26

  • US instance was launched and the instance specific documents for Terms of use, Privacy Policy and Sub-processor list are uploaded
  • SLA and DPA have also been updated. New maintenance window has been added to the SLA for US instance.


 



Update to Service Level Agreement and sub-processors, effective 2022-JAN-01

  • Maintenance window will be moved from Sunday to Saturday due to customer demand
  • Support for Internet Explorer will be discontinued due to information security considerations
  • Support for older browser versions will be discontinued due to information security considerations
  • Additions of custom availability guarantees for Viedoc Connect and Viedoc Auto-coding by UMC KODA
  • Additions of sub-processors to our Japanese instance: Elastic Email, Amazon Web Services, WhereBy
  • Removal of sub-processor to our Japanese instance: MailJet
  • Additions of sub-processors to our European instance: OVH Cloud, SMS Teknik, Amazon Web Services, WhereBy


 



Update to Service Level Agreement 
due September 27, 2020

Discontinued support for TLS 1.0 and 1.1

Transport Layer Security (TLS) is a critical security protocol used to protect web traffic. It provides confidentiality and integrity of data in transit between clients and servers exchanging (often sensitive) information. To best safeguard this data, it is important to use modern and more secure versions of this protocol.

Viedoc currently supports TLS 1.0, 1.1, and 1.2. TLS 1.2 was published over a decade ago to address weaknesses in TLS 1.0 and 1.1 and has enjoyed wide adoption since then. Apple, Google, Microsoft, and Mozilla have all either recently disabled, or are soon due to disable, support for these two broken versions 1.0 and 1.1 of the protocol in their latest versions of their respective browsers.

Our statistics show that during the past year, 0.1% - 0.6% of users, depending on Viedoc instance and region, have connected using any of these two deprecated protocols and thus may be impacted by this discontinuation. The forecast is that within another six months from now, these numbers will rapidly decrease due to efforts of the industry to phase these protocols out.

Discontinued support for Internet Explorer 8, 9 and 10

Microsoft ended general support for Internet Explorer version 10 on January 12, 2016. Yet many organizations have struggled with phasing it out, including even the prior versions 9 and 8. Our statistics show that during the past year, the usage of Internet Explorer 8, 9, and 10 have been 0.1 - 0.4%, depending on Viedoc instance and region. The time is here to favor increased information security and discontinue the support for these versions.

Adding support for Edge, updating other browser version numbers to reflect TLS discontinuation

Microsoft Edge is already informally supported, but as we’re updating the SLA, we’ll take the opportunity to add it as formally supported. The list of supported browsers and their versions will be as follows:

  • version 11 or later of Internet Explorer
  • version 30 or later of Chrome 
  • version 7 or later of Safari 
  • version 27 or later of Firefox 
  • version 79 or later of Edge (Chromium) 

The exception concerning the Medical Coding feature in Viedoc 3 will be changed to: supported in all of the above but requires compatibility mode when Internet Explorer is used.


 



Update to authentication infrastructure
due December 1, 2020

Replacement of OTP physical tokens with email and SMS

To further strengthen the stability, availability, and security of the Viedoc platform, we are retiring the now 10+ years old Entrust OTP physical token system, used as second factor to authenticate Viedoc 3 Project Controller administrators, and replacing it with email and SMS-based 2FA.

The option to use email or SMS as second factor when authenticating VPC administrators has been available in parallel to the physical token system for several years. After entering username and password, instead querying the OTP physical token for a code, for accounts that have any of the email or SMS options enabled, a button to receive a code appears. After pressed, the code is sent to your email or phone, and should then be entered on the login page.

The physical token system will be retired on December 1, 2020, but we encourage VPC administrators to contact your Viedoc support representative at your earliest convenience to arrange a switch to email or SMS authentication.

Viedoc is a leader in Electronic Data Capture (EDC) on G2
Sep 29, 2023

"The system is incredibly robust and is very user friendly, both to sponsor level satff, as well as site staff who remotely enter data."