Security at VComply

VComply maintains the highest standards of security for our customer data. All user data, including personal and compliance-related information, is encrypted and protected against unauthorized access.

CERTIFICATION AND STANDARD

SOC 2 Type 2 Compliant

Our customers entrust us with their most sensitive data, and we take this responsibility seriously. VComply is SOC 2 Type 2 compliant, with ISO 27001-compliant infrastructure, demonstrating that our information security measures align with today's cloud requirements. This certification underscores our commitment to maintaining strong internal controls and rigorous security practices.

Enterprise-grade Data Protection

Data Handling and Storage
VComply ensures that user data is processed and stored securely. Regular data backups are maintained to prevent data loss in case of unexpected events. All data is stored in secure data centers with robust physical and environmental controls.
Access Control
Access to the VComply system is carefully controlled. Only authorized personnel and users are allowed access. User authentication is enforced through strong, unique passwords, multi-factor authentication, and other security measures.
Information Security System
We have established a comprehensive Information Security Program that is effectively communicated across our organization. This program aligns with the criteria outlined in the SOC 2 Framework.
Third-Party Security
VComply ensures that third-party service providers adhere to robust security practices. We regularly conduct independent third-party assessments to evaluate the strength of our security and compliance controls.
Monitoring and Logging
VComply monitors and logs system activity to identify any suspicious behavior or unauthorized access. These logs are regularly reviewed and analyzed to ensure the system's integrity.
Vulnerability Management
Regular vulnerability assessments and testing are conducted to identify and address potential security weaknesses in the system. Patches and updates are applied promptly to mitigate vulnerabilities.
Third-Party Penetration Testing
We conduct an annual third-party penetration test to verify that the security posture of our services is uncompromised.
Annual Risk Assessments
We conduct risk assessments at least once a year to detect potential risks, with a focus that includes fraud-related concerns.
Confidentiality
Every team member must sign and comply with an industry-standard confidentiality agreement before commencing their first day of employment.
Quarterly Access Reviews
We conduct access reviews on a quarterly basis for all team members who have access to sensitive systems.

Ensuring Customer Protection

Permissions and Authentication
We use Single Sign-on (SSO) and two-factor authentication (2FA), and enforce stringent password policies where applicable, to safeguard access to cloud services.
Implementing Least Privilege Access Control
We strictly adhere to the principle of least privilege in our identity and access management practices.
Enforcing Password Requirements
Every team member is obliged to meet a predefined set of password criteria and complexity standards to ensure secure access.
Employee Training
All VComply employees receive comprehensive training on security best practices. They are educated on data protection, compliance, and their roles in maintaining the system's security.