We comprehend the significance of safeguarding your data and consider it a crucial aspect of our responsibilities.
Our systems undergo continuous internal assessments to maintain optimal performance and meet industry standards. We undergo regular penetration testing and audits to keep our industry certifications and a leading position in best practices.
We have implemented redundancies throughout our operations to meet our contractual obligation of 99.9% uptime. In case of any variations in our system's functioning, our staff is immediately notified.
All our products are compliant with ISO 27001:2013 security standards, incorporating the best practices and highest benchmarks in the industry. Our methods are continually reviewed and improved, with robust encryption routines in place. The data in our system belongs to you and is never handled or shared without your consent.
We reinforce our security commitments by meeting the highest standards in the industry, including ISO 27001:2013, GDPR Compliance, AWS Certification, and undergoing regular external penetration tests based on OWASP recommendations.
Here's how we guarantee safety and security.
We prioritize robust security measures throughout our app design. All communications are encrypted with the HTTP protocol, and our in-app databases are secured with encryption and privilege verifications for all requests. The security of user data and the ability for administrators to retain control are at the core of our system.
System logs are constantly monitored by the Velis Support team, who take the necessary immediate steps. We have contracted an external company to conduct regular penetration tests using the OWASP Top 10 detection methodology. Automated tests are conducted on source code updates to ensure that standards are upheld and any bugs are identified.
The system requires that passwords be at least 8 characters long, contain a combination of upper and lowercase letters, one digit, and one special character, and expire after 30 days. Login attempts are limited to five before the account is locked, and an administrator must intervene to unlock it. All passwords are encrypted via the Blowfish block cipher algorithm.
Velis has been adhering to the ISO 27001:2013 standard since 2014, a globally renowned benchmark for information security management systems. We are compliant with a variety of distinct security elements that include hardware acquisition, software development, web hosting services, network building and upkeep, and other IT services. Both internal and external auditors are integrated into our security framework.
We safeguard your data by backing it up daily with a 3-day window for file retrieval and the option of hourly backups and up to 60-day full recovery. All of this is done via external servers that are encrypted to keep your information secure.
This depends on your selected hosting option. With standard hosting it is at Warsaw Atman (main server room) and OVH in France (backup). In the case of AWS (Amazon Web Services), the location is arranged based on a variety of factors (with Frankfurt being the default).
The data centre is ISO 27001 certified. It includes:
· Professional Power Supply — UPS system with a total power of 8580 kVA and five 26 MW independent medium voltage lines.
· Cooling — Air conditioners operating with N + 1 redundancy.
· Fire Detection System — Optical-temperature sensors and early smoke detection system, independent fire zones, and 120-minute fire resistance.
· Fire Extinguishing System — Gas extinguishing systems by Inergen and Argonite.
· Security — CCTV system inside and outside the facility, access control based on proximity cards (with customised PIN, biometrics, and locks on request), burglary and panic alarm system with automatic notification of an external intervention group, and security personnel monitoring the property 24/7.
The software uses security best practices, including:
· Data encryption — All data between your browser and the system is encrypted using the SSL standard.
· Privilege matrix — Use our ACL (access control list) module to assign and revoke privileges of users.
· OWASP Top 10 and ASVS (Application Security Verification Standard Project) standards.
· Internal and external security audits.
You remain the sole owner of all data stored in the system.
No, we cannot use your data for any purpose not directly related to our contract (e.g. providing technical support).
You remain the sole administrator of all personal data stored in the system.
Yes, you can use built-in export options to extract data (e.g., into MS Excel format). You can ask us to develop additional exportable reports that match your needs.
We will ask you what to do with the data. We can destroy it or export it to various formats, including storage on an external device (USB, hard drive, etc.).