- VTS has completed an independent SOC 2 audit with a focus on the domains of security and data confidentiality.
- Frequent external audits and a SOC 2 report are the only way to keep your auditors satisfied.
- A SOC 2 report assures you that the systems and processes we put in place are working properly to protect your data.
- The SOC 2 report is available upon request under NDA.
- Secure and convenient access to your data on iOS and Android.
- Our mobile applications enforce mandatory SSL (encryption in transit) for communication with VTS.com.
- For increased security, the VTS mobile app implements fingerprint authentication (Touch ID).
We believe that without the true transparency that comes from an independent audit, a company cannot easily reach the level of trust we strive to reach with our users.
- Third Party Pen Tests
In addition to our in-house expertise and automatic security scanning tools, we engage third-party security firms to perform regular penetration tests and code reviews with a focus on protecting customer data.
- Full Time Security Staff
The team is led by one of the former global leads of NASDAQ’s application security team and is CISSP and GWAPT (GIAC Web Application Penetration Testing) certified.
Employees are subject to a background check as a condition of their employment and are required to pass a yearly Security Awareness Training Program.
- To prevent unauthorized people or your competitors from seeing your data, the VTS application has implemented layers of client permissions.
- At any time, your company’s admin can view the list of every individual with access to your company’s data in their admin dashboard.
- This data is all exportable. The User Report also includes a User Login report containing each user’s Last Login time and IP address.
Our infrastructure is hosted on Amazon Web Services. These datacenters hold many certifications, including ISO and SOC. For more information, see the AWS Security and Compliance web pages.
- Disaster Recovery
Servers are provisioned across multiple AWS availability zones to provide redundancy in case of a single availability zone failure within AWS. Individual application nodes are continuously monitored and automatically replaced when a failure is detected.
All user actions are logged with automatic alerts for performance and security related issues.
- Your data is always safely stored and securely delivered to you.
- Data at rest is encrypted at the database level with AES-256, block-level storage encryption.
- Our data backups are encrypted and stored in a separate AWS region to ensure proper data integrity.
- User accounts become locked after 3 invalid login attempts and remain locked for 72 hours.
- Support for Single Sign On (SSO) / SAML 2.0 authentication on web, Android, and iOS.
- Full support for Active Directory Federation Services (ADFS) on the customer’s enterprise side.