Information security

 

Vuture continuously and heavily invests in its security capabilities and privacy standards that help keep all data safe. In line with our commitment to provide a transparent service to clients, we are continuously enhancing controls around information security and privacy. 

 

We are fully committed to the following information security principals:

 

  • Confidentiality - making your information accessible only to those authorised to use it
  • Integrity - safeguarding the accuracy and completeness of your information and processing method
  • Availability - ensuring that your information is available when required

 

Some of the ways we are demonstrating this commitment:

 

  • We have a dedicated Information Security Manager, who is an expert in his field and has over ten years' Information Security consulting, auditing and implementing experience
  • We adhere to the principles of ISO 27001ISO 27018 and ISO 22301 and will achieve certification in ISO 27001 by the end of 2017
  • Our data centre providers are all ISO 27001 compliant
  • We have controls in place to protect personally identifiable information (PII), a plan in place for the EU GDPR, and we are currently registering with the U.S. Privacy Shield
  • We have continuous internal security monitoring and regular 3rd party penetration and vulnerability reviews of which we proactively assess the risks and resolve any weaknesses identified immediately
  • All data is encrypted, both in storage and in transit
  • Data is backed up regularly, restore tests are performed, and a tested Disaster Recovery and Business Continuity Plan is ready to be implemented when required
  • We have a defined, documented and implemented incident response and data breach procedure which will notify customers of any incidents concerning their data
  • We use best-practice, secure programming methodologies (e.g. OWASPSANS).

 

The above security processes mean that you as a client can be assured that Vuture will:

 

  • Protect your information against various threats
  • Ensure your business continuity
  • Minimise your financial losses and other impacts
  • Optimise your return on investments
  • Create opportunities to do business safely
  • Maintain your privacy and compliance

 

 

The different areas of information security control at Vuture include: 

 

  • A documented Information Security Policy – this provides management direction
  • Organisation of information security – this is a management framework for implementation of the information security management system
  • Asset management procedures – these include processes for the assessment, classification and protection of valuable information assets 
  • Defined human resource security procedures – including best-practice processes for joiners, movers and leavers
  • Physical and environmental security for land-based offices and data centres, which prevents unauthorised access, theft, compromise or damage to information and computing facilities
  • Communications and operations management - ensures the correct and secure operation of the IT environment
  • Access control procedures – these restrict unauthorised access to information assets
  • Information systems acquisition, development and maintenance procedures – this builds security into all systems
  • Information security incident management processes – so that we deal sensibly with security incidents that arise
  • Business continuity management – so that we maintain essential business processes and restore any that fail
  • Compliance – so that we avoid breaching laws, regulations, policies and other security obligations

Start typing and press Enter to search