Ensure your portfolio data is protected with enterprise-grade security

Jim Whalen
Chief Information Officer | Boston Properties


  • VTS has completed an independent SOC 2 audit with a focus on the domains of security and data confidentiality.
  • Frequent external audits and a SOC 2 report are the only way to keep your auditors satisfied.
  • A SOC 2 report assures you that the systems and processes we put in place are working properly to protect your data.
  • The SOC 2 report is available upon request under NDA.


  • Secure and convenient access to your data on iOS and Android.
  • Our mobile applications enforce mandatory SSL (encryption in transit) for communication with
  • For increased security the VTS mobile app implements fingerprint authentication (Touch ID).


  • Transparency
    We believe that without the true transparency that comes from an independent audit, a company cannot easily reach the level of trust we strive to reach with our users.
  • Third Party Pen Tests
    In addition to our in-house expertise and automatic security scanning tools, we engage third party security firms to perform regular penetration tests and code reviews with a focus on protecting customer data.
  • Full Time Security Staff
    The team is led by one of the former global leads of NASDAQ’s application security team and is CISSP and GWAPT (GIAC Web Application Penetration Testing) certified.
  • Employees
    Employees are subject to a background check as a condition of their employment and are required to pass a yearly Security Awareness Training Program.

User Permissions

  • To prevent unauthorized people or your competitors from seeing your data, the VTS application has implemented layers of client permissions.
  • At any time, your company’s admin can view the list of every individual with access to your company’s data in their admin dashboard.
  • This data is all exportable. The User Report also includes a User Login report containing each user’s Last Login time and IP address.


  • Hosting
    Our infrastructure is hosted out of Amazon Web Services. These datacenters hold many certifications including ISO and SOC. For more information see the AWS Security and Compliance web pages.
  • Disaster Recovery
    Servers are provisioned across multiple AWS availability zones to provide redundancy in case of a single availability zone failure within AWS. Individual application nodes are continuously monitored and automatically replaced when a failure is detected.
  • Auditing
    All user actions are logged with automatic alerts for performance and security related issues.


  • Your data is alway safely stored and securely delivered to you.
  • Data at rest is encrypted at the database level with AES-256, block-level storage encryption.
  • Our data backups are encrypted and stored in a separate AWS region to ensure proper data integrity.


  • User accounts become locked after 3 invalid login attempts and remain locked for 72 hours.
  • Support for Single Sign On (SSO) / SAML 2.0 authentication on web, Android, and iOS.
  • Full support for Active Directory Federation Services (ADFS) on the customer’s enterprise side.

See VTS in Action

Tell us about yourself and we’ll be in touch!