Security at Vault Platform
Vault Platform’s core application is to facilitate trust between companies and their people and to help to create working environments that are inclusive, diverse, productive and safe. This is why we consider security and data privacy to be critical components of our platform and why both are at the foundation of everything we do.
We take multiple measures to ensure your data is protected
Vault Platform is ISO 27001 certified, complying with a set of industry procedures and policies relating to information security management. We operate a security program that includes regular security audits, vulnerability scans, external penetration testing, automated monitoring and security training for our staff.
We continually monitor developing standards and legislation to ensure that Vault Platform adheres to the security requirements of leading industry bodies.
Secure and trusted hosting infrastructure
Our servers are located within the European Union and the United Kingdom, in AWS (Amazon Web Services) data centres that are ISO 27001, SOC 1 and SOC 2 certified.
Customer data is stored in multiple locations in our hosting provider’s data centres to ensure availability. We operate a business continuity programme that includes backup and restoration procedures that are regularly reviewed and tested.
AWS data centres have round-the-clock security and strict controls for physical access. Learn more about AWS physical security.
The Vault Platform operations team are on-call 24/7 to support the service.
Data encryption in transit and at rest
Vault utilizes some of the most advanced technology for Internet security available today. When you access the application using a browser or through our mobile app, Transport Layer Security (TLS) technology protects your information using server authentication and encryption, ensuring that your data is safe and secure.
At rest, all data is encrypted using the 256-bit Advanced Encryption Standard (AES-256).
We regularly monitor changes to the cryptographic landscape and implement best practices as they evolve.
Vault Platform maintains an internal security threat model and commissions external penetration testing on a regular basis to ensure the security of Vault Platform applications.
We provide regular training for our engineers in secure coding that covers key OWASP security risks, common attacks and security control best practices.
As part of the software development process at Vault, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested using a quality assurance process to help ensure an expected, consistent experience across supported devices and platforms.
Organisational Security and Practices
All Vault employees are vetted before joining and are required to complete annual security awareness training. Training topics include information security, data privacy and risk mitigation.
All Vault employee work devices are configured with full-disk encryption and strong password protection, and employees are prohibited from using unauthorised software or portable media.
Administrative access to systems within the production environment is limited to staff with a specific need to support our services. Access to our servers is monitored and audited, and we regularly review system and access logs.
How to report an issue
If you believe you have found a security vulnerability, please let us know straight away at [email protected]