
Vizydrop Cloud Security Statement

Overview

Vizydrop SaaS Cloud uses a reliable physical infrastructure and runs on a secure network that's built around data security to ensure that your information remains private, secure and available. Our servers and services are hosted at IBM Cloud and Amazon AWS, world-class hosting services companies. Vizydrop is responsible for monitoring, managing and securing Vizydrop Cloud.

Facilities

Data locations for Vizydrop clusters are:

  • Dallas (DAL05, DAL06, DAL09) as main location and Houston (HOU02) as backup location for America
  • Amsterdam (AMS01) as main location and London (LON01) as backup location for Europe
  • Custom data locations are possible for Private Cloud customers.

Certification

IBM Cloud and Amazon AWS security procedures are based on industry best practices, confirmed by certificates including (but not limited to): ISO 27001, ISO 27018 and PCI DSS. Respective information is available at https://www.ibm.com/cloud/compliance and https://aws.amazon.com/compliance/. Vizydrop uses and follows processes and practices from applicable NIST SP 800 publications, i.e. SP 800-53, as well as ISO 27001. Additional information and documents can be provided on request.

Vizydrop data handling and processing is compliant with GDPR. Additional information is available in the Privacy Policy and Terms of Service.

Customer Data Segregation

Each Vizydrop account space is isolated within its own data, so no one can access your account from another application. Each user in any Vizydrop Cloud has a unique username and password. After authentication, any request to the Vizydrop server is strictly tied to user identity. This keeps your data private, secure and protected. Regular (at least quarterly) vulnerability scans are performed.

Data Storage and Security

Network Security Highlights

  • Firewalls from industry leaders to ensure connection security
  • Full network redundancy
  • Encrypted VPN-only access to production networks. A limited number of Support and Infrastructure team members are allowed to access production networks using the “least privilege” principle. Mobile-based 2FA enforced for management and VPN connections.
  • Regular network vulnerability and anti-virus scans are performed to ensure server security
  • Host level firewalls are enabled and configured to ensure a minimal number of services are exposed

Server Security

  • Our servers run recent versions of Linux operating systems that are updated to the latest patch bi-weekly or quarterly, depending on the priority of patches.
  • Scans for vulnerabilities, configuration issues as well as anti-virus scans with central management and reporting are enabled
  • Automated configuration management based on tools from major vendors
  • 24/7/365 performance and security monitoring based on standard and custom tools with e-mail, SMS/push notifications and phone calls.

Workstation Security

Workstations are centrally managed by AD Group Policy with password complexity requirements, forced sleep after 30 minutes of inactivity, and a complete Endpoint Protection suite from a top-tier vendor installed with forced daily scans and all modules enabled. VPN connections to corporate resources are available to a limited number of users and are logged and monitored for suspicious activity.

Data Retention

Uploaded Data is retained indefinitely while you are our customer. At the end of the Service Term, your data will be removed within 180 days. Alternatively, it may be removed immediately on request.

Backups

All transaction logs and database backup files are stored in object storage in two geographically distributed locations within the continent (within the United States for North and South America-based accounts, and the Netherlands/Germany for EMEA-based accounts). Backups are encrypted with strong AES-256 encryption, and the encryption key is stored in a secure vault. All backups are rotated every 180 days.

Disaster Recovery

Vizydrop services run on multi-node highly available clusters to ensure exceptional uptime and availability. Vizydrop’s infrastructure team has a disaster recovery process in place and it is tested on a regular basis.