At Vicarius, we are dedicated to not just providing the best vulnerability management platform but also an environment that keeps your data safe and private.
In order to maintain a secure environment, Vicarius has achieved SOC II compliance without exceptions. This means we follow strict guidelines that ensure our information security measures are robust and able to evolve with the changing requirements of data protection in the cloud.
We have established secure processes regarding constant oversight across Vicarius’ digital and physical infrastructure. We monitor our networks for unusual system activity, authorized and unauthorized system configuration changes, and user privileges. Our security team is alerted to any anomalous activity so it can be immediately authenticated or contained and remediated. Alongside our technological precautions, every employee is required to take and pass a digital security and hygiene course on a yearly basis as well as maintain standards in line with current guidelines as recommended by the digital security community.
At Vicarius, all data is securely stored. We utilize Amazon Web Services (AWS) secured servers and encrypt stored data with an industry standard, one-way salted hash. Data is protected in transit using Transport Layer Security (TLS), ensuring that your information remains secure if hosts are compromised. Our physical locations have multiple secure access points that require proper credentials to enter. All employees must undergo data security training in order to gain and maintain network access. Endpoints are hardened by a Web Application Firewall (WAF). This increases resistance to common exploits that could interrupt application availability.
We abide by AICPA’s generally accepted privacy principles (GAPP), and have numerous controls in place to protect Personal Identifiable Information (PII). All collected information is anonymized unless otherwise stated. All data processing is complete, accurate, timed, and authorized. We only collect data that pertains to the development of vRx and other Vicarius products. All our employees have signed Non-Disclosure Agreements regarding our proprietary technology and the data of our clients. All collected data is treated as critical and measures are in place to protect it against unauthorized loss, misuse, and alteration.