Vuture continuously and heavily invests in its security capabilities and privacy standards that help keep all data safe. In line with our commitment to provide a transparent service to clients, we are continuously enhancing controls around information security and privacy.
We are fully committed to the following information security principals:
- Confidentiality – making your information accessible only to those authorised to use it
- Integrity – safeguarding the accuracy and completeness of your information and processing method
- Availability – ensuring that your information is available when required
Some of the ways we are demonstrating this commitment:
- We have a dedicated Information Security Manager, who is an expert in his field and has over ten years’ Information Security consulting, auditing and implementing experience
- We adhere to the principles of ISO 27001 and achieved certification in June, 2018, from the British Standards Institute.
- Our data centre providers are all ISO 27001 compliant
- We have controls in place to protect personally identifiable information (PII), a plan in place for the EU GDPR, and we are currently registering with the U.S. Privacy Shield
- We have continuous internal security monitoring and regular 3rd party penetration and vulnerability reviews of which we proactively assess the risks and resolve any weaknesses identified immediately
- All data is encrypted, both in storage and in transit
- Data is backed up regularly, restore tests are performed, and a tested Disaster Recovery and Business Continuity Plan is ready to be implemented when required
- We have a defined, documented and implemented incident response and data breach procedure which will notify customers of any incidents concerning their data
- We use best-practice, secure programming methodologies (e.g. OWASP, SANS).
The above security processes mean that you as a client can be assured that Vuture will:
- Protect your information against various threats
- Ensure your business continuity
- Minimise your financial losses and other impacts
- Optimise your return on investments
- Create opportunities to do business safely
- Maintain your privacy and compliance
The different areas of information security control at Vuture include:
- A documented Information Security Policy – this provides management direction
- Organisation of information security – this is a management framework for implementation of the information security management system
- Asset management procedures – these include processes for the assessment, classification and protection of valuable information assets
- Defined human resource security procedures – including best-practice processes for joiners, movers and leavers
- Physical and environmental security for land-based offices and data centres, which prevents unauthorised access, theft, compromise or damage to information and computing facilities
- Communications and operations management – ensures the correct and secure operation of the IT environment
- Access control procedures – these restrict unauthorised access to information assets
- Information systems acquisition, development and maintenance procedures – this builds security into all systems
- Information security incident management processes – so that we deal sensibly with security incidents that arise
- Business continuity management – so that we maintain essential business processes and restore any that fail
- Compliance – so that we avoid breaching laws, regulations, policies and other security obligations