Informaton Security

OUR COMMITMENT TO INFORMATION SECURITY

For Vuture, the security and privacy of customer data is our top priority. We understand that we hold not only your data, but your customers’ data too!

Our mission is to continuously design, implement, operate, manage and maintain an Information Security Management System that complies with international standards, incorporates generally-accepted good security practices and protects your data all while at the same time provides our clients with highly available, low-risk services. 

Vuture is constantly investing heavily in the security capabilities and privacy standards that helps keep all data safe. In line with our commitment to provide customers the utmost transparency, we are continuously enhancing controls around information security and privacy. 

Vuture is fully committed to the following information security principals:

  • Confidentiality - Making your information accessible only to those authorised to use it
  • Integrity - Safeguarding the accuracy and completeness of your information and processing methods
  • Availability - Ensuring that your information is available when required

Some of the ways we are demonstrating this commitment: 

  • We have a dedicated Information Security Manager, who is an expert in his field and has 10+ years in Information Security consulting, auditing and implementing experience;
  • We adhere to the principles of ISO 27001, ISO 27018 and ISO 22301 and will achieve certification in ISO 27001 by the end of 2017;
  • Our data centre providers are all ISO 27001 compliant;
  • We have controls in place to protect personally identifiable information (PII), a plan in place for the EU GDPR, and we are currently registering with the U.S. Privacy Shield;
  • We have continuous internal security monitoring and regular 3rd party penetration and vulnerability reviews of which we pro-actively assess the risks and resolve any weaknesses identified immediately;
  • All data is encrypted both in storage and in transit; 
  • Data is backed-up regularly, restore tests are performed, and a tested Disaster Recovery and Business Continuity Plan is ready to be implemented when required;
  • We have a defined, documented and implemented incident response and data breach procedure which will notify customers of any incidents concerning their data;
  • We use best-in-practice, secure programming methodologies (e.g. OWASP, SANS).

The above security processes mean that you as a client can be assured that Vuture will:

  • Protect your information against various threats
  • Ensure your business continuity
  • Minimizes your financial losses and other impacts
  • Optimises your return on investments
  • Create opportunities to do business safely
  • Maintain your privacy and compliance

The different areas of information security control at Vuture include: 

  • A documented Information Security Policy – this provides us with management direction
  • Organization of information security – this is a management framework for implementation of the information security management system
  • Asset management procedures – these include processes for the assessment, classification and protection of valuable information assets 
  • Defined Human Resource security procedures – including best-practice processes for joiners, movers and leavers
  • Physical and environmental security for land-based offices and data centres – which prevents unauthorised access, theft, compromise or damage to information and computing facilities
  • Communications and operations management - ensures the correct and secure operation of the IT environment
  • Access control procedures – these restrict unauthorized access to information assets
  • Information systems acquisition, development & maintenance procedures – this builds security into all systems
  • Information security incident management processes – so that we deal sensibly with security incidents that arise
  • Business continuity management – so that we maintain essential business processes and restore any that fail
  • Compliance – so that we avoid breaching laws, regulations, policies and other security obligations