All file uploads are stored at Amazon S3 and only accessible by authenticated users inside the application.
By default, documents are available to all users, but each document can be configured to only be viewable by certain users/roles.
VendorRisk allows a wide variety of files to be uploaded — PDF, Office docs, audio, video, etc.
Each time a document is viewed/downloaded, it is tracked in the database and its history can be viewed.