Layered Protection: Security That Keeps Your Documents Safe
Our layered approach to security is what keeps your documents safe, confidential, and secure. Our systems and protocols work together to ensure your information is protected. One layer builds on top of another, so that your virtual data room is a secure environment at all times.
Layer One: Securing the Document
Your documents are at the heart of our security model, where our virtual data rooms are built to protect each and every one of them. Firmex lets you monitor, control, and terminate access to any document from any user, at any time.
-
Customizable Document Permissions
Control who can see each document, how they can access it, and for how long.
-
Disable Save, Print, Copy and Share
Advanced digital rights management (DRM) allows you to protect documents and avoid offline leaks by preventing users from saving, printing, or copying documents.
-
Lock Down Documents
Only allow users to view documents from a specific IP address and computer.
-
Revoke Documents Remotely
Want something back? Remotely revoke document access in an instant.
-
Document Expiry
Set time limits on how long a confidential document is viewable, no matter where it goes.
-
Redaction
Easily hide, contain, and protect personally identifiable information prior to sharing with external parties, as required by GDPR in Europe and by PIPEDA, PIPA, and HIPAA in North America.
Layer Two: Securing the User
Firmex’s user permissions enable you to control user access at a granular level—from site, to project, down to the folder, and even document level. Meanwhile, our virtual data rooms seamlessly handle authentication, notifications, and monitoring behind the scenes.
-
User Management
Quickly and easily add users, set their access levels, and make sure they can see only the documents you want them to see.
-
IP Restriction
Ensure users are restricted to accessing the VDR from specific IP addresses only.
-
Advanced Password Control / Lock Out Account After Multiple Attempts
Set the number of tries allowed before an account is locked out, view reports that show incorrect logins, and require a password change after X attempts.
-
Multi-Factor Authentication
Reduce the risk of password theft by requiring users and administrators to log in with two factors, such as a password plus a unique one-time PIN (OTP) code.
-
Single Sign On
A Firmex Virtual Data Room features SSO capabilities. By integrating with an identity provider, Firmex users can verify their identity with their SSO credentials, making it easier to control, manage, and restrict access to the VDR.
Layer Three: Securing the Virtual Data Room
The virtual data room is the glue that holds together your users and documents. As a secure environment, it makes sure that each one of your documents is available to each one of your users, while protecting against unwanted third parties.
-
Dashboard and Reporting
Gain insight by monitoring when each user logs on to the data room, which files they access, and how much time they spend with documents.
-
Backups
With a Firmex Virtual Data Room, all of your data is redundantly replicated on devices across multiple facilities, in an Amazon S3 region.
-
Penetration Testing
An annual penetration test is performed by an independent third party as an audit of our internal secure development practices.
-
Vulnerability Scanning
Firmex performs automated scans that detect and alert on newly discovered vulnerabilities so they can be remediated. This proactive monitoring is constantly updated with the latest reported threat definitions to detect systems, services and applications that may be vulnerable.
-
Encryption
Firmex Virtual Data Rooms maintain an A+ score on ssllabs.com. Data transmitted over the public internet is encrypted using TLS (TLS 1.3) to ensure the confidentiality and integrity of uploaded data. Data at rest is stored in Amazon S3, which utilizes AWS-KMS managed keys.
-
Document Retention Policy
Unique to Subscription clients, Firmex offers 3 Document Retention Policies which govern the period of time that deleted documents will be retained and recoverable before being permanently deleted from the data room. Clients can choose the policy that best fits their individual data security, error-mitigation, and document retention obligation needs.
Layer Four: Securing It All: Industry Regulation, Certifications, and Compliance
Everything relating to your virtual data room—from the way the bytes in your document are delivered to you, to the way Firmex employees are logged when speaking to your users—is compliant with major standards and protocols. It’s a part of our entire security ecosystem.
-
Service Organization Controls (SOC) 2 Type 2 Certification
Firmex is compliant with SOC standards for the secure handling of information within a service organization. Specifically, Firmex adheres to SOC 2 trust services criteria of security and availability, which require that the system is protected against unauthorized access, use, or modification, and is available for operation and use as committed or agreed. Our controls and procedures are audited annually by SOC auditors.
-
General Data Protection Regulation (GDPR) Compliance
Firmex is compliant with the EU General Data Protection Regulation (GDPR) Requirements for Data Processors. Firmex offers its customers a choice of three locations to store document data: EU (Germany), Canada, and USA. Metadata and user information are stored in Canada. The European Commission has currently determined that Canada is a safe place to store Personal Data under Article 45 of Regulation (EU) 2016/679. No document data is transferred to the U.S. unless chosen as the document storage location. Review our GDPR Statement here.
-
Health Insurance Portability and Accountability Act (HIPAA) Compliance
Firmex is compliant with the Health Insurance Portability and Accountability Act of 1966, requiring multiple technical, physical, and administrative safeguards. Our compliance is verified at the highest levels of HIPAA’s privacy, security, and breach notification assessments. Please click here to find out more and see our HIPAA certificate.