Security measures

Last Updated: March, 2022

Certifications

Virtual Vaults is ISO / IEC 27001: 2013 certified. The ISO certificate and/or Statement of Applicability are available upon request.

Security audits

Independent auditors and external experienced pentesters periodically check the security of our software and infrastructure through white box pentesting. During these tests, they use the same tools and techniques that malicious hackers use (Hacking-as-a-Service).

Risk management

The ISO 27001 standard guarantees a structured and effective approach for the identification, analysis, evaluation and treatment of risks. Partners, suppliers, employees, customers and external experts are also included in this process.

Data storage and compliance

All data uploaded to our services receive the strong 256-bit AES encryption (both during transfer and at rest) and are stored with Geo-redundancy. The data are secure on Microsoft Azure data center servers, with the most comprehensive compliance of all cloud service providers. Read more information about Microsoft compliance.

Personnel screening and training

We screen all our employees extensively. This includes, but is not limited to, checking all qualifications, at least two references and criminal records (VOG). Employees regularly receive training for security awareness and must sign a Non-Disclosure Agreement.

Access Control

We adhere to the 'principle of least privilege'. We use two-factor authentication on all production systems. We follow strict on-boarding and off-boarding processes. Virtual Vaults can only access customer data when a customer has explicitly allowed Virtual Vaults to do so.

Logging, monitoring and reporting

Virtual Vaults logs accurately to ensure data integrity and platform uptime. We continuously monitor logs with the help of dashboards and intelligent warnings. Select Virtual Vaults users have access to detailed audit reports.

Asset management

Our laptops use the most modern endpoint security software and only smartphones that comply with our security policies have access to sensitive information. All devices have the latest version of their operating system and are regularly updated. We use Azure as a Platform-as-a-Service solution: Microsoft provides all system and network security with commitment and resources of 1 billion dollars per year.

Physical Datacenter Security

Microsoft Data Centers are secured through:

• multiple authentication processes (such as badges, smart cards and biometric scanners);
• security staff on location;
• monitoring with the help of video surveillance, motion sensors and alarms about security breaches;
• 24 hours limited access;
• automated fire prevention and extinguishing systems.

Application Lifecycle Management

Software development at Virtual Vaults is under strict control. Before we release software for the production environment, we assess and test it extensively. Every night we perform fully automated tests on all functionalities in the application.

Business continuity and disaster management

Data uploaded on the Virtual Vaults platform is stored in Geo-redundant (GRS). Two data centers, hundreds of miles apart, store three replicas each. Virtual Vaults has a physical office, but is not dependent on it.

Data breach notification

In the unfortunate event of a data breach, we will inform the customer within 36 hours if that is feasible. Virtual Vaults is insured with a premium insurer, which means we can respond quickly and have access to a team of incident response professionals from different disciplines.