Security measures

Security is the starting point for everything we do and everything we produce.

Last Updated: June, 2019

Certifications

Virtual Vaults is ISO/IEC 27001:2013 certified. Independent auditors and external specialists periodically test our security measures, using the same tools and techniques that hackers use (Hacking-as-a-Service).

Risk management

The ISO 27001 standard guarantees a structured and effective approach for the identification, analysis, evaluation and treatment of risks. Partners, suppliers, employees, customers and external experts are also included in this process.

Data storage and compliance

All files entering a Vault are protected with strong 256-bit AES encryption, both during transfer and at rest. They are kept secure on Microsoft Azure data center servers in Western Europe, a platform with the most comprehensive compliance of all cloud service providers. Read more information about Microsoft compliance.

Personnel screening and training

We screen all our employees extensively. This includes, but is not limited to, checking all qualifications, at least two character references and criminal records (VOG). Employees regularly receive training for security awareness and must sign a Non-Disclosure Agreement.

Access Control

We adhere to the 'principle of least privilege'. We use two-factor authentication on all production systems. We follow strict on-boarding and off-boarding processes and change permissions in the Virtual Vaults application only at the express request of our customer.

Logging, monitoring and reporting

Virtual Vaults logs accurately to ensure data integrity and platform uptime. We continuously monitor logs with the help of dashboards and intelligent warnings. Select Virtual Vaults users have access to detailed audit reports.

Asset management

Our laptops use the most modern endpoint security software, and only Apple smartphones have access to sensitive information. All devices have the latest version of their operating system and are regularly updated. We use Azure as a Platform-as-a-Service solution: Microsoft provides all system and network security, backed by a commitment and resources of 1 billion dollars per year.

Physical Datacenter Security

Microsoft Data Centers are secured through:

  • multiple authentication processes (such as badges, smart cards and biometric scanners);
  • security staff on location;
  • monitoring with the help of video surveillance, motion sensors and alarms about security breaches;
  • 24-hour limited access;
  • automated fire prevention and extinguishing systems.

Application Lifecycle Management

Software development at Virtual Vaults is under strict control. Before we release software for the production environment, we assess and test it extensively. Every night we perform fully automated tests on all functionalities in the application.

Business continuity and disaster management

Data uploaded to the Virtual Vaults platform is stored in geo-redundant storage (GRS). Two data centers, hundreds of miles apart, store three replicas each. Virtual Vaults has a physical office, but is not dependent on it.

Data breach notification

In the unfortunate event of a data breach, we will inform the Vault Admin(s) within 36 hours if that is feasible. Virtual Vaults is insured with a premium insurer, which means we can respond quickly and have access to a team of incident response professionals from different disciplines.