Site & Data Security

Many EHS software vendors say that their solutions are designed and tested to ensure the security and privacy of your data, but at VelocityEHS, our commitment to protecting your data is more than just talk.  For example, we are one of the only providers to provide SOC 2 Type II-compliant controls across our entire solution stack.

Click here to learn more about our comprehensive data security and privacy controls.


SOC 2 Compliant

Since 2011, the VelocityEHS Platform has been annually certified by third-party audit firm Auditwerx for compliance with AICPA SOC 2 Type II standards (formerly SAS 70). Adherence to SOC 2 also ensures close alignment with a wide range of national and international data protection requirements, including PIPEDA, ISO 27001, HIPAA, CSAE 3416 Type 2, ISAE 3402 Type 2, EU-GDPR, Privacy Shield, and similar Safe Harbor principles. Learn more

Infrastructure Redundancy

Our Infrastructure is designed for 24/7 operation, with built-in redundancy at every point of our SaaS solution. Climate controlled data centers, redundant storage and flash arrays, load-balanced web applications, robust database platforms, and redundant hardware are among the many highlights.

Data Encryption

VelocityEHS leverages strong encryption to protect your data, supporting the highest Transport Layer Security, ensuring all data transmitted between your web browser and our servers remain private and integral.

Data Protection and Backup

All customer data is continuously backed up and stored at a secure off-site facility.

Physical Security

Our secure hosting facility is equipped with state-of-the-art security features, including 24-hour staffing, photo identification systems, and biometric identification devices.

User Authentication

A valid username and password are required to access all elements of the VelocityEHS SaaS platform. All transactions are authenticated.

Operating System Security

VelocityEHS enforces tight operating system-level security by using a minimal number of access points to all production servers. We protect all system accounts with passwords and follow best practices for regularly modifying them. All servers are regularly patched with the latest security patches and updates.

Perimeter Defense

Our Infrastructure is continuously monitored for attempted network attacks on a 24/7 basis, employing a suite of dynamically-updated leading-edge Firewalls and software tooling including Anti DDOS, Antivirus / Malware Inspection, and Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS).