InCountry Data Governance for Veeva Systems

This blog was previously published here.

As the topic of data governance has become more and more noteworthy around the globe, one of the most affected industries has been healthcare. Life sciences research and other related data would normally be shared freely, but as governments have begun passing stricter data regulations that favor data localization, the healthcare industry now needs to adjust. 

Healthcare organizations big and small use Veeva Systems, one of the biggest CRM providers in the world and the leading SaaS in the life sciences industry. For organizations to continue using Veeva freely in multiple countries in accordance with rising data protection standards, an outside solution is necessary.

What Veeva Does

Veeva Systems is so much more than a simple CRM. Veeva combines nearly every aspect you could dream about—customer reference data, master data management, analytics, service offerings, etc.—to coalesce into the premier life sciences CRM platform.

Veeva Vault is the only content management platform able to manage both content and data simultaneously, meaning companies can streamline end-to-end processes safely and confidently across Veeva’s commercial, medical, clinical, regulatory, quality, and safety applications.

All Veeva applications are built on the same core platform, further increasing efficiency without compromising on data security or workflow structure. This focus on invaluable data is another factor separating Veeva’s products from competitors.

Data Compliance and Governance in Veeva

Veeva has mechanisms in place like real-time risk management and vault signals to guarantee the safety of data, but where data can be stored is a matter that’s out of the company’s hands. Data governance has shifted in the past decade to focus more on restricting sensitive data from leaving the country where the data originated. This particular aspect of data governance is referred to as data localization, since regulated data needs to be kept locally.

This poses a problem even for massive SaaS providers like Veeva, Salesforce, and ServiceNow, as each has only a few handfuls of countries where its customers can store data. Beyond any data center agreements the companies may personally have with local cloud providers, hyperscalers like AWS simply do not cover enough places to satisfy the constant stream of new local data regulations.

Veeva has hundreds of customers, many of whom are massive international life sciences organizations like Pfizer. For these customers to continue using Veeva without fear of violating a data regulation in any of the countries where they operate, they need to distribute and localize data from the respective country of origin.

This lack of data regulation coverage is the lone gap in Veeva’s otherwise exemplary data management. Instead of Veeva—or any other SaaS—building up and maintaining a costly network of global data centers themselves, they outsource the problem to specialists: in this case, InCountry. 

Completing Data Compliance in Veeva

InCountry offers data compliance in over 90 countries worldwide, including in key markets like China, Russia, Turkey, and Saudi Arabia, where data regulations are strict. The combined coverage of all the hyperscalers around is under 30 countries, and none satisfy local data protections in these countries. 

Instead of scrambling together a patchwork network of cloud providers and trying to manage multiple compliance stacks, InCountry offers Veeva Systems users the chance to bring the entirety of their data protection compliance under one umbrella. It does so with a network of geographically distributed servers and data centers and verified compliance with global standards such as PCI DSS as well as country-specific legislation like Russia’s FZ-152 and the U.S.’s HIPAA.

InCountry efficiently distributes and localizes Veeva CRM data by splitting it into regulated and unregulated channels, so only regulated data needs to be handled. Any unregulated healthcare data will be saved to Veeva Systems as it otherwise would, meaning only a small percentage of data actually goes through InCountry. This limited stream ensures minimal to no changes in a company’s workflow and infrastructure, all while enjoying the benefits of compliance in every market a company occupies.

Veeva Inside Country

By opting for InCountry data residency for Veeva, life sciences companies will no longer need to worry about procuring local data centers worldwide, or designing additional network architecture or data security measures on top of what Veeva provides. InCountry is virtually plug-and-play, with little-to-no coding requirements or routine upkeep.

Setting up InCountry Data Residency for Veeva

To get started with InCountry for Veeva, you need to install and activate the platform. From there, configuration includes three phases:

  1. setting up a connection to the InCountry platform
  2. configuring the data regulation model and the field rendering mode
  3. creating configuration rules.

After receiving the necessary connection details, choose the applicable data regulation model—based on how strict a country’s data regulations are—and how InCountry will render fields containing regulated data. 

Now when you create records with regulated data, this data will be physically saved to the InCountry platform in the corresponding country. The app will hide the actual values of protected fields and load them only if the users viewing them are in the country of the data’s origin. 

Besides protected fields with regulated data, InCountry also supports the remote storage of attachments with sensitive data. The application handles attachments the same way as it does protected fields, eliminating further compliance risks without users needing to move a muscle. 

Once the system is set up, Veeva users will be compliant with data protection regulations worldwide. That means further protection on top of Veeva’s data security and no need to worry about adjusting your Veeva CRM or shying away from entering regulated markets.