Information security

Vuture continuously and heavily invests in its security capabilities and privacy standards that help keep all data safe. In line with our commitment to provide a transparent service to clients, we are continuously enhancing controls around information security and privacy.

We are fully committed to the following information security principals:

  • Confidentiality - making your information accessible only to those authorised to use it
  • Integrity - safeguarding the accuracy and completeness of your information and processing method
  • Availability - ensuring that your information is available when required

Some of the ways we are demonstrating this commitment:

  • We have a dedicated Information Security Manager, who is an expert in his field and has over ten years' Information Security consulting, auditing and implementing experience
  • We adhere to the principles of ISO 27001 and achieved certification in June, 2018, from the British Standards Institute.
  • Our data centre providers are all ISO 27001 compliant
  • We have controls in place to protect personally identifiable information (PII), a plan in place for the EU GDPR, and we are currently registering with the U.S. Privacy Shield
  • We have continuous internal security monitoring and regular 3rd party penetration and vulnerability reviews of which we proactively assess the risks and resolve any weaknesses identified immediately
  • All data is encrypted, both in storage and in transit
  • Data is backed up regularly, restore tests are performed, and a tested Disaster Recovery and Business Continuity Plan is ready to be implemented when required
  • We have a defined, documented and implemented incident response and data breach procedure which will notify customers of any incidents concerning their data
  • We use best-practice, secure programming methodologies (e.g. OWASP, SANS).

The above security processes mean that you as a client can be assured that Vuture will:

  • Protect your information against various threats
  • Ensure your business continuity
  • Minimise your financial losses and other impacts
  • Optimise your return on investments
  • Create opportunities to do business safely
  • Maintain your privacy and compliance

The different areas of information security control at Vuture include:

  • A documented Information Security Policy - this provides management direction
  • Organisation of information security - this is a management framework for implementation of the information security management system
  • Asset management procedures - these include processes for the assessment, classification and protection of valuable information assets
  • Defined human resource security procedures - including best-practice processes for joiners, movers and leavers
  • Physical and environmental security for land-based offices and data centres, which prevents unauthorised access, theft, compromise or damage to information and computing facilities
  • Communications and operations management - ensures the correct and secure operation of the IT environment
  • Access control procedures - these restrict unauthorised access to information assets
  • Information systems acquisition, development and maintenance procedures - this builds security into all systems
  • Information security incident management processes - so that we deal sensibly with security incidents that arise
  • Business continuity management - so that we maintain essential business processes and restore any that fail
  • Compliance - so that we avoid breaching laws, regulations, policies and other security obligations