
Veratrak Platform Security & Compliance

Veratrak's data integrity and security features make compliance with FDA, EU and life sciences regulations easy and understandable for clients.

Written by Matt Williams
Updated over 3 years ago

Veratrak offers secure and compliant document transfer, and facilitates collaboration between supply chain partners to generate efficiencies across operations. With the aim to move companies from paper to platform, Veratrak drives digital transformation to create a safer, more secure future for the industry’s critical supply chains. As such, Veratrak operates in accordance with GAMP 5® guidelines, GxP Data Integrity, and FDA 21 CFR Part 11 guidelines to enable our customers to achieve compliance and security.

Platform Security

Veratrak is developed, designed, and maintained with security as a top priority. The Veratrak platform is designed to maximise security for data at rest and in transit, and we enable Clients to match their security requirements with configurable features to ensure data is safe and secure.

The entire Veratrak platform uses HTTPS / SSL for securely transmitting encrypted data. Documents are accessible within the platform to authenticated and permissioned users, preventing any external, unauthorised access.

Veratrak is built on Amazon’s secure data centres and utilises Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data centre operations have been accredited under:

  • ISO 27001

  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)

  • PCI Level 1

  • FISMA Moderate

  • Sarbanes-Oxley (SOX)

Authentication

Veratrak uses a token-based (JSON web token) authentication system to allow customers to interact with the platform. Unauthorised personnel are not able to access the Veratrak user interface or its resources unless invited to the platform by email from a Client. Invited users can be managed by an Administrator, who grants them the appropriate levels of access permissions.

Multi-Factor Authentication (MFA)

The Veratrak platform supports Multi-Factor Authentication (MFA) during login as a custom add-on feature.

When enabled, Veratrak can require users to pass an additional security check beyond username and password to verify their identity. This is accomplished using a One-Time Password (OTP) authentication app (such as Authy, Google Authenticator, or Duo) on a mobile device.
Learn more about Veratrak & Multi-Factor Authentication

Permissions

Standard roles with set permissions are provided to our customers upon implementation; however, the permissions assigned to these roles can be customised, and additional custom roles can be generated upon request by Clients.

Veratrak’s standard roles and permissions are:

Internal Roles (for Veratrak Clients)

  • Administrator

  • Workspace Member

External Collaborators (invited by paying Veratrak Clients)

  • Guest User

Permissions are designed to be flexible and Veratrak offers configurable security features to designate access to specific individuals and roles for Clients.

Learn more about Roles in Veratrak

Electronic Signatures

Veratrak’s electronic signature (e-signature) service is designed for Veratrak customers to securely and efficiently achieve FDA 21 CFR Part 11 compliance, capturing the signature bearer, date, time, and signature meaning. Veratrak’s e-signature adheres to:

  • FDA 21 CFR Part 11

  • GAMP 5® Guidelines

  • GxP Data Integrity

In doing so, Veratrak requires users to re-authenticate credentials (username and password) prior to each signature, confirming identity and permission, and captures the following data at minimum:

  1. Identity

  2. Company

  3. Signature Meaning

  4. Date & Time (UTC)

Veratrak imprints all FDA 21 CFR Part 11 relevant data to the document itself and this data is captured and stored on Veratrak’s GxP Audit Log.

Blockchain

Veratrak uses the Ethereum blockchain for its iron-clad Audit Log (a GxP Audit Trail). For each event recorded in Veratrak’s Audit Log, Veratrak generates a hash of this event to create a unique fingerprint. Veratrak then adds this fingerprint, containing no business-sensitive information, to a public blockchain ledger. This solution, winning the 2018 Oxford University Innovation of the Year Award, ensures that Audit Log events are:

  • Tamper-proof

  • Containing authentic events

  • Immutable and cannot be destroyed

Veratrak Clients can utilise the matching tool within the Audit Log to validate the authenticity of these events and confirm storage on the public blockchain.
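The fingerprint-and-match idea described above, as an added sketch that is not Veratrak's own code. The hash function (SHA-256), the sorted-key JSON serialisation, the event field names and the plain list standing in for the public ledger are all assumptions made for illustration.

```python
import copy
import hashlib
import json

def fingerprint(event: dict) -> str:
    # Assumed scheme: SHA-256 over sorted-key, whitespace-free JSON, so the
    # same event always yields the same digest regardless of key order.
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def match_audit_log(stored_events: list, anchored: list) -> dict:
    """Recompute each stored event's fingerprint and compare with the ledger."""
    anchored_set = set(anchored)
    seen = set()
    result = {"matched": [], "mismatched": [], "unaccounted": 0}
    for event in stored_events:
        fp = fingerprint(event)
        seen.add(fp)
        key = "matched" if fp in anchored_set else "mismatched"
        result[key].append(event["id"])
    # Anchored fingerprints with no stored event behind them point to a
    # record that was edited or deleted after it was anchored.
    result["unaccounted"] = len(anchored_set - seen)
    return result

# Constructed sample events (hypothetical field names and values).
EVENTS = [
    {"id": "evt-001", "actor": "a.user@example.com", "action": "document.signed",
     "meaning": "Approved", "timestamp": "2021-03-01T10:15:00Z"},
    {"id": "evt-002", "actor": "b.user@example.com", "action": "document.downloaded",
     "timestamp": "2021-03-01T10:20:00Z"},
    {"id": "evt-003", "actor": "a.user@example.com", "action": "user.invited",
     "timestamp": "2021-03-01T11:00:00Z"},
]

def demo() -> dict:
    anchored = [fingerprint(e) for e in EVENTS]  # what the ledger would hold
    stored = copy.deepcopy(EVENTS)
    stored[0]["meaning"] = "Reviewed"            # record edited after anchoring
    del stored[2]                                # record deleted after anchoring
    return match_audit_log(stored, anchored)

if __name__ == "__main__":
    print(demo())
```

Only the hex digests leave the database in this sketch; the edited record no longer matches any anchored fingerprint, and the deleted record leaves an anchored fingerprint with nothing behind it.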

Data Storage & Infrastructure

Cloud Hosting

Veratrak utilises best-in-class Amazon Web Services (AWS) Fargate infrastructure, and has been built alongside AWS architects. This enables the Veratrak team to deploy new features to our customers in a streamlined, secure manner, and enables us to scale our infrastructure as we grow.

Supported Regions

Veratrak’s standard practice is to store all of our cloud-based data (database and files) within the EU (Ireland).

Veratrak can configure this data storage location for Clients to various AWS Regions in North America, Europe, South America, Middle East, and Asia Pacific found here.

Encryption: Data at rest

Stored objects are encrypted using server-side encryption with Amazon S3-managed keys (SSE-S3). Amazon S3 encrypts each object before saving it to disk, and decrypts it when a user downloads it.

Encryption: Data in transit

Veratrak uses HTTPS to encrypt data in order to increase security of data transfer between the application frontend and the server.

Helpful Resources:
Learn more about Veratrak's Quality & Validation processes, our strict password requirements, and enabling Multi-Factor Authentication
