Virtual Data Room Blog

Secure Data Rooms: 10 Key Questions to Ask Your Vendor

Dec 19, 2017 11:00:00 AM / by Maria Rubio


One of the key required features of a virtual data room (VDR) is the security of your documents. You need to know that the right people have access to the right documents and that everything is kept within a secure, tightly controlled environment. But with multiple options out there, how do you know which vendors will keep your documents safe and secure?

We have outlined ten questions you should ask any potential VDR vendor to ensure the security of your sensitive documentation.

1 - Infrastructure. Your confidential information will be stored on the servers of the Virtual Data Room provider. How secure are those servers? Where are they located? Are world-class standards met? The best way to check this is to ask whether they hold third-party certifications for ISO 27001, SSAE 16 and ISAE 3402. These certifications provide benchmarks of processes that establish world-class standards in security.

2 - Secondary server. A secondary server is a must for a Virtual Data Room provider. If the primary server goes down for any reason whatsoever, there should be a backup server that is regionally separated, replicates the data at all times and automatically activates if the primary server goes offline. As well as improving security, this ensures that you won’t be left without access to your documents at a crucial time.

3 - 24-7 support. Is there a team responsible for maintaining the servers? Is that their primary role? Are they specialists in identifying and resolving any eventualities? It’s vital that you have access to expertise whatever the time or day, so make sure that you will always have someone on hand to help.

4 - The software. Each VDR platform will be created differently even if the eventual purpose is the same. Is the technology tried and tested? How many transactions have already been run on this particular Virtual Data Room? How long has the company been in the industry?

Make sure you aren’t a guinea pig for a new, untested technology that could have security vulnerabilities, as well as issues with stability and usability.

5 - Evolution.  How has the data room evolved based on the feedback of clients? Are new features tested before releasing them to live environments? Is there a CTO in the company or is the work outsourced? Is there a team which focuses only on improving the data room with the latest software development?

The data room should be constantly evolving with new features and new coding to ensure that it is safe in the face of new online threats and has features that clients find useful.

6 - Background check of the delivery team. This is a crucial factor that will affect your experience of working with your data room vendor. Has the team been vetted? Do they have a reliable work history? What is their work experience like? Have they been trained? For how long have they been trained? Is their work quality checked before it gets executed? How long are they trained for before working on live transactions?

While everything might sound great when you’re talking to the sales team, insist on getting to know the actual people that will be delivering the service on a day-to-day basis. These are ultimately the people that will direct your product experience.

7 - Process infrastructure. Are there security measures to ensure data integrity is maintained within the office environment? Are there any ISO certifications regarding process? Do deal coordinators need verified passes to enter the rooms? Are there cameras in the work area to maintain security?

The majority of problems that are experienced will be due to user error. Check what processes are being followed and how this impacts areas such as security and service.

8 - Employee audits. Can your employee activity be monitored via the data room? How can we ensure that they don’t copy the data onto a USB drive and take it with them? Are there enough deterrents to ensure that your data remains secure?

Managing security at a user level is just as crucial as keeping hackers and other external threats out of your system.

9 - Execution process. Does it flow from one teammate to another? Is everything logged to coordinate the process? Is each employee trained to follow the process at all times? If the process is not followed, does it get flagged to the rest of the team?

A seamless process ensures seamless security.

10 - Termination process. Is care taken when turning off security to return the data? Does the team ensure that the client checks the data to ensure that it’s an exact replica? Is the data removed from the server only after written confirmation is received?

You need to ensure that once the deal is done, any sensitive documentation is successfully removed and all copies are accounted for.

Security seems simple but in reality it is extremely complex. It spans both technical issues and working processes to ensure that documentation cannot be accessed by third parties, but also that the right people have access to the right documentation.

You also need to consider how people can access and copy documentation to ensure that you know exactly where all of your sensitive documents are at any given time.

With the number of data room providers increasing all the time, make sure that you prioritise security and that you ask the right questions when compiling your shortlist.

