Security and Compliance That Your Research Team Can Trust
Audits & Certifications
SOC 2 Type II:
Radvix meets the standards of SOC 2 Type II compliance, underscoring our commitment to the security and privacy of our users. This compliance signifies that Radvix has been independently evaluated and has demonstrated effective implementation of its security policies and procedures, designed to protect the confidentiality, integrity, and availability of our clients' data. Maintaining SOC 2 Type II compliance involves ongoing audits and monitoring, ensuring that our practices not only meet current standards but are also maintained and improved over time.
For our users, this means peace of mind, knowing their research data is handled with care and protected by industry-standard security measures. You can request our latest SOC 2 audit report by contacting us by email.
PCI DSS:
Radvix uses Stripe to handle payment and card information. Stripe has been audited by an independent PCI Qualified Security Assessor and is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. Because card data is entered directly with Stripe, Radvix does not typically receive credit card data, which keeps it compliant with the Payment Card Industry Data Security Standard (PCI DSS) in most cases.
Radvix itself is not designed for the storage of PCI-protected data, and customers should ensure that they do not use the system in a way that requires the storage of credit card information.
Infrastructure and Network Security
Radvix hosts customer data on Amazon Web Services (AWS), a provider that holds SOC 2 Type II certification. AWS maintains an extensive set of reports, certifications, and independent evaluations demonstrating its commitment to security within its data centers.
The infrastructure supporting Radvix is located in AWS data centers that are under Amazon's control. These facilities implement a broad range of physical safeguards designed to prevent unauthorized access to our customer data. Detailed information on the security controls and protocols of AWS data centers is published by AWS.
Business Continuity and Disaster Recovery
High Availability:
- Every part of Radvix uses automatically provisioned, redundant servers to protect against failure.
- Servers are regularly taken in and out of operation throughout the day as part of our routine operation without affecting availability.
Business Continuity:
- Radvix keeps regular daily and weekly backups of data in multiple geographic locations on Google Cloud Platform.
- All backups are stored in an encrypted form.
- In the case of platform-wide production data loss, we are able to restore data from these backups.
- We regularly test our ability to restore our infrastructure from the backups we maintain.
- We routinely verify the integrity of the backups that we hold.
Disaster Recovery:
- Radvix primarily serves traffic from a single geographic region spread across multiple availability zones.
- In the unlikely event of a prolonged regional outage, we maintain a documented procedure for provisioning our deployment environment in a separate region.
- Radvix has an extensively documented Incident Response process that includes documented procedures for Business Continuity and Disaster Recovery.
Data Flow
All customer data is sent to Radvix via HTTPS using TLS 1.2 or above. All Radvix systems are configured to reject connections that use TLS versions below 1.2 or potentially insecure cipher suites. Radvix operates a zero-trust network, meaning that all network traffic, even within our own network perimeter, is encrypted.
Radvix regularly tests the availability and security of its TLS configuration using SSL Labs reporting. The latest report can be viewed here. All requests into the system are logged and monitored using a combination of rule-based and anomaly-based systems.
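The "TLS 1.2 or above, no insecure cipher suites" rule described above can be checked on a server's own configuration before an external scan such as SSL Labs ever sees it. The following is an added example, not Radvix's code: it builds a hardened server `SSLContext` with Python's standard `ssl` module, a deliberately legacy one that still accepts TLS 1.0, and an `audit_context` function that reports any minimum-version or cipher-suite finding. The `WEAK_CIPHER_MARKERS` list is an illustrative assumption, not a published policy.

```python
import ssl
from typing import List

# Substrings that should never appear in a server's negotiable cipher list.
# Assumption: this marker list is illustrative, not any vendor's published policy.
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC3", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def hardened_server_context() -> ssl.SSLContext:
    """Server context that only negotiates TLS 1.2+ with forward-secret AEAD suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2 suites restricted to ECDHE key exchange with AES-GCM or ChaCha20-Poly1305.
    # TLS 1.3 suites are configured separately by OpenSSL and are all AEAD.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5")
    return ctx


def legacy_server_context() -> ssl.SSLContext:
    """The weak setting: still accepts TLS 1.0 clients. Present only so the audit has
    a misconfiguration to flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings; an empty list means the context meets the policy."""
    findings: List[str] = []
    # ssl.TLSVersion is an IntEnum, so versions compare numerically.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum TLS version is {ctx.minimum_version.name}; require TLSv1_2 or higher"
        )
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        if any(marker in name for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"weak cipher suite enabled: {name}")
        # For TLS 1.2 suites the key-exchange method is part of the name; anything that is
        # not (EC)DHE offers no forward secrecy. TLS 1.3 suites always use ephemeral keys.
        if cipher["protocol"] == "TLSv1.2" and not name.startswith(("ECDHE", "DHE")):
            findings.append(f"suite without forward secrecy enabled: {name}")
    return findings


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_server_context()), ("legacy", legacy_server_context())):
        print(label, audit_context(ctx) or "OK")
```

The audit inspects only what the process would actually offer to clients (`get_ciphers()` reflects OpenSSL's resolved list, not the configuration string), so it catches the case where a cipher string looks strict but the underlying library still negotiates something weaker.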
Application Security
Two-Factor Authentication:
Radvix gives users the option to add an additional layer of security to their Radvix account using Time-based One-Time Passwords (TOTP). Once enabled, Two-Factor Authentication applies to all authentication methods, including Single Sign-On.
Sign In with Google and Microsoft:
Radvix allows users to log in using their Google or Microsoft accounts.
SAML 2.0:
Customers on our Enterprise plans are able to enable SAML-based authentication. Workspaces can optionally require all of their users to authenticate using SAML 2.0, to align with their own authentication requirements.
Penetration Testing:
Radvix undergoes annual black-box penetration testing by an accredited third-party agency. Penetration testers are provided with a high-level diagram of the application architecture, and tests are run against our hosted production environment.
Information about any security vulnerabilities successfully exploited during penetration testing is used to set mitigation and remediation priorities. Customers on our Enterprise plan can request a summary of our latest penetration test findings by contacting their Account Manager.