Security & Compliance Documentation
Everything your security, IT, and procurement teams need to evaluate DNXT Publisher for your organization
- SOC 2 Type II: Annually audited
- 21 CFR Part 11: FDA compliant
- HIPAA: BAA available
- GDPR: EU data protection
- GxP Validated: IQ/OQ/PQ complete
Regulatory Compliance
Built from the ground up to meet the requirements of regulated life sciences organizations
21 CFR Part 11 Compliance
Full compliance with FDA electronic records and signatures requirements
- Electronic signatures with meaning manifestation
- Signature/record linking via cryptographic hash
- Complete audit trail of all system activities
- Authority checks for all operations
- Device checks and session controls
- System validation documentation
EU Annex 11 Compliance
Compliant with European computerized systems requirements
- Risk management documentation
- Validation and qualification records
- Change control procedures
- Security and access controls
- Backup and recovery procedures
- Supplier qualification records
HIPAA Security Rule
Technical safeguards for protected health information
- Access controls and unique user IDs
- Audit controls and activity logging
- Transmission security (TLS 1.3)
- Encryption at rest (AES-256)
- Integrity controls and checksums
- Business Associate Agreements
GDPR Data Protection
Full compliance with EU General Data Protection Regulation
- Data processing agreements
- Right to access and portability
- Right to erasure (deletion)
- Data minimization practices
- EU data residency options
- Data Protection Impact Assessments
Security Architecture
Enterprise-grade security controls across infrastructure, application, and data layers
Infrastructure
- Microsoft Azure / AWS hosting
- SOC 2 Type II certified data centers
- Geographic redundancy
- Auto-scaling and load balancing
- DDoS protection
- Web Application Firewall
Application Security
- Secure SDLC practices
- OWASP Top 10 protection
- Regular penetration testing
- Static code analysis
- Dependency vulnerability scanning
- Security incident response
Data Protection
- AES-256 encryption at rest
- TLS 1.3 encryption in transit
- Customer-managed keys (BYOK)
- Hardware Security Modules
- Data isolation per tenant
- Secure backup and recovery
Procurement Documentation
Download the documentation your security and procurement teams need
Security FAQ
Common questions about our security and compliance practices
Where is data stored?
Data is stored in SOC 2 certified Microsoft Azure data centers. We offer US, EU, and other regional data residency options to meet your compliance requirements.
How is data encrypted?
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Enterprise customers can use their own encryption keys (BYOK).
Do you support SSO?
Yes, we support SAML 2.0 and OIDC SSO with all major identity providers including Okta, Azure AD, OneLogin, and Ping Identity.
How often are you audited?
We undergo annual SOC 2 Type II audits, regular penetration testing (at least annually), and continuous vulnerability scanning.
What's your uptime SLA?
We guarantee 99.9% uptime with enterprise SLAs available up to 99.99%. Current status is available at status.dnxtsolutions.com.
Can we conduct our own security assessment?
Yes, we welcome customer security assessments. Contact us to schedule a security review call with our team.
Ready for a Security Review?
Schedule a call with our security team to discuss your requirements