Security & Compliance Standards We Meet
| Standard | Validation | Status |
|---|---|---|
| | Third-party | Current, renewed annually — audit report available |
| | First-party | Compliant — DPA available |
| | First-party | Compliant — DPA available |
| | First-party | Supported — vendor qualification package available |
| | First-party | Compliant — service provider addendum available |
Certificates, reports, and supporting documentation are available through your RegDesk contact.
RIM Platform Security Practices
Data Encryption
- Data at rest: AES-256
- Data in transit: TLS 1.3
- Customer data stored in isolated, single-tenant AWS containers
- Passwords stored in encrypted format
Access & Authentication
- Role-based access controls (RBAC) across all user accounts
- Multi-factor authentication (MFA) enforced for all internal users
- SSO and SAML 2.0 support for enterprise identity providers
- Least-privilege access model with regular access reviews
- Device and endpoint management enforced for internal users
Infrastructure
- Hosted on AWS
- Primary data center: Germany
- Disaster recovery and backups: Ireland
- Redundant architecture with automatic failover
- Physical badge-access controls at all office locations
Data Storage & GDPR Compliance
Data Residency
Data Processor
Strict Security Operations
Penetration Testing
- Annual third-party penetration tests by an independent security firm
- Findings reviewed and remediated before each certification renewal
- Attestation of completion available through your RegDesk contact
Incident Response
- 24/7 monitoring with automated alerts for anomalous activity
- Documented incident response protocol with defined severity levels
- Customers notified of incidents affecting their data
- Post-incident review for all events affecting customer data
Vendor Management
- All third-party providers undergo security review before onboarding
- Subprocessors reviewed annually
- Contractual data protection obligations required of all vendors
- Continuous risk monitoring for critical providers
Frequently Asked Questions
Where is RegDesk data stored?
RegDesk customer data is hosted in AWS data centers located in Germany, with disaster recovery and backup systems located in Ireland. Customer environments are isolated in single-tenant AWS containers.
Is RegDesk GDPR compliant?
Yes. RegDesk operates as a GDPR-compliant data processor under Article 28. A Data Processing Agreement (DPA) and current subprocessor list are available, and customers are notified in advance of any changes.
How does RegDesk protect customer data?
RegDesk protects customer data through AES-256 encryption at rest, TLS 1.3 encryption in transit, role-based access controls, multi-factor authentication, single-tenant infrastructure, and continuous security monitoring.
What security and compliance standards does RegDesk support?
RegDesk is SOC 2 Type II certified and supports regulated device workflows through GDPR, CCPA, FDA 21 CFR Part 11, and GxP compliance capabilities. Supporting documentation is available upon request.
How does RegDesk monitor and respond to security threats?
RegDesk maintains 24/7 monitoring with automated alerts, annual third-party penetration testing, documented incident response procedures, and ongoing vendor risk management to help ensure the security of customer data.
Can RegDesk support enterprise security requirements?
Yes. RegDesk supports role-based access controls, SSO, SAML 2.0, multi-factor authentication, least-privilege access models, security reviews, and vendor management processes commonly required by enterprise organizations.
Can RegDesk provide security and compliance documentation during vendor qualification?
Yes. SOC 2 reports, compliance documentation, vendor qualification materials, security questionnaires, and supporting documentation are available through your RegDesk contact.