Last Updated: March, 2022
Virtual Vaults is ISO/IEC 27001:2013 certified. The ISO certificate and/or Statement of Applicability are available upon request.
Independent auditors and external experienced pentesters periodically check the security of our software and infrastructure through white box pentesting. During these tests, they use the same tools and techniques that malicious hackers use (Hacking-as-a-Service).
The ISO 27001 standard guarantees a structured and effective approach for the identification, analysis, evaluation and treatment of risks. Partners, suppliers, employees, customers and external experts are also included in this process.
Data storage and compliance
All data uploaded to our services are protected with strong 256-bit AES encryption (both during transfer and at rest) and are stored with geo-redundancy. The data are secure on Microsoft Azure data center servers, with the most comprehensive compliance of all cloud service providers. Read more information about Microsoft compliance.
Personnel screening and training
We screen all our employees extensively. This includes, but is not limited to, checking all qualifications, at least two references and criminal records (VOG). Employees regularly receive training for security awareness and must sign a Non-Disclosure Agreement.
We adhere to the 'principle of least privilege'. We use two-factor authentication on all production systems. We follow strict on-boarding and off-boarding processes. Virtual Vaults can only access customer data when a customer has explicitly allowed Virtual Vaults to do so.
Logging, monitoring and reporting
Virtual Vaults logs accurately to ensure data integrity and platform uptime. We continuously monitor logs with the help of dashboards and intelligent warnings. Select Virtual Vaults users have access to detailed audit reports.
Our laptops use the most modern endpoint security software, and only smartphones that comply with our security policies have access to sensitive information. All devices have the latest version of their operating system and are regularly updated. We use Azure as a Platform-as-a-Service solution: Microsoft provides all system and network security, with a commitment and resources of 1 billion dollars per year.
Physical Datacenter Security
Microsoft Data Centers are secured through:
Application Lifecycle Management
Software development at Virtual Vaults is under strict control. Before we release software for the production environment, we assess and test it extensively. Every night we perform fully automated tests on all functionalities in the application.
Business continuity and disaster management
Data uploaded to the Virtual Vaults platform is stored in geo-redundant storage (GRS). Two data centers, hundreds of miles apart, store three replicas each. Virtual Vaults has a physical office, but is not dependent on it.
Data breach notification
In the unfortunate event of a data breach, we will inform the customer within 36 hours if that is feasible. Virtual Vaults is insured with a premium insurer, which means we can respond quickly and have access to a team of incident response professionals from different disciplines.