At Vitech, your trust remains our highest priority. We employ a variety of rigorous security measures in our solutions to ensure that your applications, data, and infrastructure remain safe despite evolving cyber threats. Our procedures are continually assessed and updated to protect against data breaches and unauthorized access.
We are committed to implementing best-practice protocols and delivering industry-leading safeguards for comprehensive security, compliance, and privacy.
At Vitech, we protect our customers’ data with a secure infrastructure and with measures that are integral to appropriate security, including encryption, authentication and authorization controls, breach reporting, data loss prevention, patch management, and other standard protocols.
Our security teams continually evaluate new cyber threats and implement updated countermeasures designed to prevent unauthorized access, while working to detect and respond to security vulnerabilities. We have also instituted policies and procedures to ensure your data is secure and backed up to multiple physical locations.
Our operating controls and procedures include:
- 24/7 incident handling with defined escalation paths
- Data encryption (including TLS and AES-256) at rest and in transit
- Secure system access management with multi-factor authentication
- Logging, monitoring, and alerting
- Vulnerability and patch management
- Security testing to identify and remediate vulnerabilities
- Maintenance and backup procedures
- Secure Development Lifecycle (SDLC)
Availability, Uptime and Security
Vitech partners with Amazon Web Services Inc. (AWS) to provide clients with a high-performing, highly secure operating environment to safeguard client data. Vitech’s solution application environments reside in a dedicated Virtual Private Cloud (VPC) for each customer, and within each VPC, AWS Security Groups limit traffic into and out of each component to only those ports and protocols required for processing and administration, for greater oversight. Vitech’s solutions also use AWS Shield Advanced for perimeter monitoring and DDoS threat protection, and employ AWS Web Application Firewall to provide solution application-specific traffic filtering and alerting. Traffic is encrypted in transit between each tier of Vitech applications. Databases, files, and logs are encrypted at rest using AES 256-bit encryption with unique keys for each customer.
Adhering to industry standards
Comprehensive cyber security also depends on comprehensive compliance.
Vitech maintains up-to-date adherence to global and regional data security and privacy regulations, including GDPR and CCPA.
To further uphold our compliance obligations, we regularly conduct self-assessments as well as independent third-party audits to periodically validate our security controls, processes and practices.
- SOC 2 Type II
- California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA)
- General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act (HIPAA)
- ISO/IEC 27001
Last updated: July 6, 2022