Vector AIS is committed to ensuring the security, integrity, and confidentiality of our systems and the data entrusted to us by our customers. We have implemented comprehensive security measures to safeguard our proprietary accounting system and maintain the highest level of protection.
Our security efforts encompass various aspects, including but not limited to:
- Secure Password Practices: All end users generate their own password at the time of account activation. Passwords are not system generated, and are subject to minimum password requirements, expiration limits, and login attempt protection.
- Secure Hosting on AWS: Our servers and data are hosted on Amazon Web Services (AWS), which adheres to strict compliance standards such as SSAE 16 (SOC 1, SOC 2, and SOC 3).
- Restricted Access: Only authorized Vector employees have access to our production environment, which is protected by public key encryption and two-factor authentication.
- Multi-Factor Authentication: We employ multi-factor authentication (MFA) for remote network and system access, which cannot be disabled by Vector employees.
- Regular System Audits: We conduct regular system audits to ensure that only authorized personnel have appropriate access to Vector systems.
- Background Checks: We perform extensive background checks on all employees prior to Vector employment.
- Security Awareness Training: Our employees receive annual security awareness training to stay updated on best practices.
- Password Management: We utilize password management solutions to securely store and log credentials for privileged accounts.
- Advanced Malware Protection: We employ advanced malware and endpoint detection and response (EDR) technology to safeguard our systems.
- Managed Detection and Response (MDR): Our systems and networks are continuously monitored by MDR services, ensuring 24/7 protection and incident response capabilities.
- Secure Website and Platform: Vector’s website and Valence are served over SSL for secure website traffic. Insecure protocols like SSL 2 and SSL 3 are disabled.
Infrastructure Performance Monitoring:
- Scalable and Resilient Infrastructure: Our infrastructure is designed for scalability and resilience, with an auto scaling group that increases storage when CPU usage reaches a defined threshold.
- System Notifications and Alarms: Alarms are configured to send system notifications to the System Administrator and Director of Technology when actionable resolutions are needed.
- Proactive Infrastructure Monitoring: We actively monitor our infrastructure, promptly reviewing and addressing any recommendations made, ensuring efficient resource utilization.
- AWS Security: We leverage AWS Security applications to perform security best practice checks, generate alerts, and suggest remediation steps, mitigating potential security issues.
Infrastructure Maintenance and Security:
- Data Backups: Our database is backed up nightly to multiple locations within the United States.
- Logging of Customer Data Changes: Every action on the Valence platform is logged, allowing us to track data changes, including who made what change and when.
- Secure File Hosting: Files are hosted on AWS storage service, encrypted with AES-256, and backed up nightly to geographically diverse locations within the United States.
- Restricted Access to Private Keys: Access to private keys is limited to authorized Vector employees and is rotated on an annual basis.
- Regular Vulnerability Scans: Quarterly external vulnerability scans, including the Valence Platform, are conducted to identify and remediate potential vulnerabilities.
- Third-Party Penetration Tests: An external network and application penetration test, including the Valence Platform, is performed annually by a qualified third party, with findings addressed based on risk-management best practices.
- Encryption of Data: Data in transit and at rest on the Valence Platform is encrypted to maintain strong security.
- Risk Management: We maintain a running risk register, ranking risks and documenting strategies and action plans. We remediate findings according to risk-management best practices.
- Planning and Documentation: We maintain a formal Incident Response Plan, Business Continuity & Disaster Recovery Plan, Information Security Policy, and an Acceptable Use Policy that are published to employees and reviewed/tested on an annual basis.
- Timely Software Releases: Our software updates are typically released at approximately 9:30 p.m. US/Pacific time. During these updates, which are often iterative in nature, there may be brief moments when our service is temporarily unavailable as we implement the changes.
- Comprehensive Testing: To maintain the highest standards of reliability, all software changes go through rigorous testing. This includes thorough examinations of critical components of the application, including visual tests to verify that any visual alterations meet our expectations. By conducting extensive testing, we ensure that our updates are robust and deliver the intended enhancements.
- Customer Support: For assistance, customers can reach out to Valence Support by emailing firstname.lastname@example.org. Our dedicated support team is available to provide timely and helpful responses to inquiries and technical issues.
Valence Monitoring and Updates:
- Responsible Disclosure: If you believe you have discovered a vulnerability within Valence or if you are a security researcher interested in this space, we encourage you to report it to us promptly. Please contact us at email@example.com and include as many details as possible, including step-by-step instructions to reproduce or demonstrate the vulnerability. We appreciate your cooperation in maintaining the security of our systems and will respond promptly to address and resolve any reported vulnerabilities.