Verodat Security
Customer trust and data security underpin our business
We work with a team of specialists so that we can give our customers the assurance they need that their data and information are safe and secure. We continually work towards operational excellence and meeting ISO 27001 security standards.
ISO 27001
Verodat is fully compliant with ISO 27001, and undertakes regular audit reviews of its processes. ISO 27001 is an information security standard created by the International Organization for Standardization (ISO), which provides a framework and guidelines for establishing, implementing and managing an information security management system (ISMS).
SOC 2
As of July 2024, Verodat is in the process of being assessed for compliance with SOC 2. SOC 2 is a voluntary compliance standard for service organisations, developed by the American Institute of CPAs (AICPA), which specifies how organisations should manage customer data.
GDPR
Verodat is in full support of the General Data Protection Regulation (GDPR). GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens within the EU member states. The regulation enables EU citizens to request all the information a company has stored about them, in addition to giving them rights to request updates to this information and to request that personal information is removed from a company’s systems and removed from subprocessors who have handled their data. Please see our full Privacy Policy for more information.
Permissions and Authentication
Access to data is limited to authorised employees who require it for their job.
Pentests and Vulnerability Scanning
Verodat uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues. We engage third-party security experts to perform detailed penetration tests on the Verodat application and infrastructure.
2FA
If you’re using password-based authentication, you can turn on 2-factor authentication (2FA) for your organisation.
Permissions
We enable role-based permission levels for users within the app.
Password and Credential Storage
Verodat enforces a password complexity standard and stores passwords using a hashing function.
Encryption
Verodat is served 100% over HTTPS using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs’ tests. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.
Data Hosting and Storage
Verodat services and data are hosted in Microsoft Azure facilities in the EU.
Data Protection Officer
We have an appointed Data Protection Officer to oversee and advise on our data management.
Failover and DR
The Verodat Data platform and associated services were built with disaster recovery in mind. Our data is hosted across multiple regions in the EU, which ensures business continuity with minimal downtime.
Backups and Monitoring
Verodat has backup policies and procedures in place to maintain required application data.
Policies
Verodat has procedures in place for security events, which include escalation procedures, rapid mitigation and post-mortem.
Training
All employees complete Security and Awareness training annually.
Policies
Verodat has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Employee Vetting
Verodat performs background checks on all new employees in accordance with local laws.
Confidentiality
All employee contracts include a confidentiality agreement.