Last Updated: June, 2019
Virtual Vaults is ISO/IEC 27001:2013 certified. Independent auditors and external specialists periodically test our security measures, using the same tools and techniques that hackers use (Hacking-as-a-Service).
The ISO 27001 standard guarantees a structured and effective approach for the identification, analysis, evaluation and treatment of risks. Partners, suppliers, employees, customers and external experts are also included in this process.
All files entering a Vault are encrypted with strong 256-bit AES, both during transfer and at rest. They are stored securely on Microsoft Azure data center servers in Western Europe, with the most comprehensive compliance of all cloud service providers. Read more information about Microsoft compliance.
We screen all our employees extensively. This includes, but is not limited to, checking all qualifications, at least two character references and criminal records (VOG). Employees regularly receive training for security awareness and must sign a Non-Disclosure Agreement.
We adhere to the 'principle of least privilege'. We use two-factor authentication on all production systems. We follow strict on-boarding and off-boarding processes and change permissions in the Virtual Vaults application only at the express request of our customer.
Virtual Vaults logs accurately to ensure data integrity and platform uptime. We continuously monitor logs with the help of dashboards and intelligent warnings. Select Virtual Vaults users have access to detailed audit reports.
Our laptops use the most modern endpoint security software and only Apple smartphones have access to sensitive information. All devices have the latest version of their operating system and are regularly updated. We use Azure as a Platform-as-a-Service solution: Microsoft provides all system and network security, backed by a commitment and resources of 1 billion dollars per year.
Microsoft Data Centers are secured through:
Software development at Virtual Vaults is under strict control. Before we release software for the production environment, we assess and test it extensively. Every night we perform fully automated tests on all functionalities in the application.
Data uploaded to the Virtual Vaults platform is stored in geo-redundant storage (GRS). Two data centers, hundreds of miles apart, store three replicas each. Virtual Vaults has a physical office, but is not dependent on it.
In the unfortunate event of a data breach, we will inform the Vault Admin(s) within 36 hours if that is feasible. Virtual Vaults is insured with a premium insurer, which means we can respond quickly and have access to a team of incident response professionals from different disciplines.