Security & Compliance

Arcwork is built for pharmaceutical-grade security and regulatory compliance from day one.

Security Architecture

Encryption

  • In Transit: TLS 1.3 for all network communication
  • At Rest: AES-256 encryption for all data and files
  • Database: Encrypted PostgreSQL with per-tenant encryption keys
  • Backups: Encrypted, replicated across multiple regions

Access Control

  • Authentication: Multi-factor authentication (MFA) support
  • Authorization: Role-based access control (RBAC) with granular permissions
  • API Keys: Token-based authentication with expiration
  • Session Management: Secure session handling with automatic timeout

Vulnerability Management

  • Regular penetration testing (quarterly)
  • Automated vulnerability scanning (continuous)
  • Dependency audits and patch management
  • Bug bounty program (contact security@arcwork.app)

Infrastructure

  • Hosting: AWS (US regions only, no data residency outside US unless requested)
  • Network: VPC with private subnets, security groups, WAF
  • Monitoring: 24/7 intrusion detection and logging
  • Disaster Recovery: RTO <1 hour, RPO <15 minutes

Regulatory Compliance

Regulatory Ready

Arcwork is architected to meet global regulatory standards: FDA 21 CFR Part 11, EMA guidelines, FSSAI, and more.

  • ✓ Complete audit trail logging (who, what, when, where, why)
  • ✓ Immutable record storage (no records deleted or altered)
  • ✓ User authentication and role-based access control
  • ✓ E-signature with cryptographic non-repudiation
  • ✓ System validation and change management
  • ✓ Data integrity verification (hash/checksum)

GDPR (EU Data Protection)

Full compliance with GDPR for customers in the EU/EEA.

  • ✓ Data Processing Addendum (DPA) available
  • ✓ Standard Contractual Clauses (SCCs) for data transfers
  • ✓ Right to access, rectification, erasure, portability
  • ✓ Breach notification within 72 hours
  • ✓ Privacy by design and default

Industry Standards

  • SOC 2 Type II: Annual audit in progress (completion Q4 2024)
  • ISO 27001: Information security management (certification in progress)
  • EMA GMP Annex 15: Supports pharmaceutical quality systems
  • HIPAA: Compatible (if processing health data)

Data Handling & Residency

Data Storage

All artwork files, metadata, and audit logs are stored in encrypted AWS S3 buckets in US regions (us-east-1, us-west-2). Backups are automatically replicated.

Data Retention

Artwork and audit logs are retained for 7 years (FDA requirement). You can request deletion at any time; data is securely purged within 30 days.

Data Transfer

We do not use your data for AI training, competitive analysis, or any purpose beyond operating the Service. Your data is not shared with third parties except as required by law or to provide the Service.

EU Data Residency

If you require data to remain in the EU, please contact us at compliance@arcwork.app to discuss options.

Audit Trail & Compliance Reporting

Immutable Audit Logs

Every action in Arcwork is logged: who performed it, what changed, when, and from where. Logs are immutable (cannot be deleted or altered) and timestamped in UTC.

Approval Reports

Generate audit reports showing the complete history of any artwork: versions, approvals, e-signatures, validations, and access logs. Export-ready for regulatory inspection.

Access Logs

Track who accessed which artwork and when. Useful for compliance verification and investigating unauthorized access.

Security & Compliance Contacts

Security

Report security vulnerabilities or concerns

security@arcwork.app

Compliance

Questions about regulations or certifications

compliance@arcwork.app