Every verdict on this site comes from putting the product to work, not from reading its marketing. The Data Room Reviews editorial team runs each virtual data room through the same hands-on sequence: we sign up, load real documents, wire up permissions, run a mock Q&A, pull the audit trail, stress-test the security controls and capture live pricing. This page walks through that process step by step, explains how we keep it independent, and tells you how to get an error fixed.

If you want the maths behind the number a review lands on, the scoring methodology covers the 40+ criteria and how the weights work. This page is about the doing.

The review, step by step

We follow the same ordered sequence for every product so no provider gets a shortcut and none gets a harder ride. Each step produces dated evidence, screenshots or exports, that we keep on file and reference in the published review.

  1. Sign up as a real customer. We start a trial or paid account through the normal front door, not a vendor-arranged demo tenant, so we see the actual onboarding a buyer would hit.
  2. Upload a realistic document set. We load a mixed set of files, folders, large PDFs, spreadsheets and images, to test bulk upload, auto-indexing, version handling and search on content that resembles a live deal.
  3. Build the permission model. We create user groups, invite guest accounts, and set view-only, no-download and expiry rules, then log in as each role to confirm the restrictions actually hold.
  4. Run a mock Q&A. We open questions, route them to the right group, and track how the workflow handles roles, notifications and reporting under a realistic back-and-forth.
  5. Export and read the audit trail. We generate the activity log, check what it captures down to the document and user, and confirm it is detailed enough to stand up in a real transaction.
  6. Run the security review. We verify encryption, two-factor and single sign-on, IP and time restrictions, watermarking and access revocation, and we check certifications such as ISO 27001 and SOC 2 against provider documentation rather than taking claims at face value.
  7. Pull live pricing. We capture current published pricing, trial terms and overage rules on the day, and we mark every figure as indicative, to be confirmed with the provider, because rate cards move.

Only after all seven steps are complete do we score the product against the criteria in our methodology and write the verdict, pros and cons.

What we always publish, even when it is unflattering

A review that hides the weak spots is an advert. Every review on this site carries the same non-negotiable elements, whatever the score.

  • An honest cons list for every product, including the top-ranked ones. If a control failed our test or a feature is thinner than the marketing suggests, it goes in.
  • Dated testing artifacts: what we tested, when, and screenshots or exports from the live room, so you can see the finding is first-hand.
  • A visible last-updated date on the page, so you know how current the verdict is.
  • Indicative pricing with the confirm-with-the-provider caveat, never a stale figure presented as gospel.

How we keep it independent

Independence is a set of rules, not a slogan. Here is how the process is insulated from the commercial side of the business.

SafeguardWhat it means in practice
Testing precedes commerceScores are set from evidence before any commercial conversation and do not change after it
No pay-for-placementNo provider can buy a higher score, a better rank, faster listing or the removal of a documented con
Labelled, contained linksWe may earn a commission on some sign-ups; those links are labelled and kept to ranked and comparison surfaces, never woven into the analysis
Same test for everyoneThe seven-step process and the scoring model are applied identically to every product, including the ones we rank first
Evidence on fileEvery claim in a review traces back to a dated artifact we can produce

The short version: a commercial relationship funds the testing, and it never touches the verdict. A product scores the same whether or not such a relationship exists, and a top-ranked product that develops a real weakness is marked down.

How to flag an error

We would rather hear about a mistake than leave it live. If a review has an out-of-date price, a mis-rated feature, a factual slip or a control we scored wrong, send the correction to the editorial team through our contact form with the page URL and, where you have it, a source or screenshot we can verify against.

We read every message, check the claim against our own evidence and, where a correction is warranted, update the page and refresh its last-updated date. Providers are welcome to submit corrections the same way; the standard is the same for everyone, a verifiable fact, not a request to soften a verdict. If you would like to see the criteria behind a specific score first, start with the methodology.