VividCortex protects our customers' data and privacy with best-in-class security processes and technology. Our comprehensive security program consists of several components, which ensure the highest standards of protection.
Access Controls - The VividCortex platform provides enterprise-grade capabilities to ensure that access to your organization's VividCortex instance is controlled, managed, and secure. Our Role-Based Access Control (RBAC), Single Sign-On (SSO) and Security Assertion Markup Language (SAML) integration allow you to quickly provision, onboard, and revoke users, aligning with your organization's control policies and procedures.
Customer Sensitive - If you have contractual and/or governmental data compliance requirements for managing “Customer Sensitive” data—such as PCI, ePHI, PII etc.—VividCortex provides a configurable option to filter Customer Sensitive data. With these options, the data never leaves your server and never enters the VividCortex Cloud environment.
Detect any sign of SQL injection attempts and prevent external attacks. Businesses must be able to detect when their systems have been targeted by security-compromising attacks like SQL injections, so they can respond as quickly and tactically as possible. VividCortex includes basic SQL injection detection for MySQL out of the box, ensuring that security teams, database administrators, and CTOs can be made aware at the first sign of an attack. With our Alerting & Integration module, those injection warnings can be transmitted directly to email, Slack, VictorOps, or any number of other messaging systems.
VividCortex employs a dedicated, full-time team of experienced security professionals to safeguard your information and answer any questions that you may have about our security plan, policies, and capabilities. The VP of Engineering and Security manages a formal Risk Management program and reports directly to the CEO and Board of Directors.
The VividCortex security framework is built on the International ISO/IEC 27000 family of standards, in combination with the Cloud Security Alliance (CSA), a guideline tailored to Security SaaS modeling.
The VividCortex Information Security Management System (ISMS) consists of the following components:
The governing principle behind the ISMS is that VividCortex has designed, implemented, and consistently maintains a coherent set of policies, processes, and systems to manage any risks to its information assets.
VividCortex has formal processes to ensure that we are in compliance with our rigorous security policies and procedures, and that our actions result in a strong information management defense. VividCortex routinely undergoes security vulnerability assessments and penetration testing by both internal staff and third parties. These measures identify potential vulnerabilities and evolve our security stance. We are pleased to announce that VividCortex has successfully completed SOC 2 Type II certification. VividCortex controls were designed and implemented to meet the criteria for Security, Availability, Processing Integrity and Confidentiality. For more information, visit our blog.
The GDPR is a new comprehensive data protection law (in effect May 25, 2018) in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data.
This law is an important step forward in streamlining data protection requirements across the EU and it’s an opportunity for VividCortex to showcase our investment in data protection.