Security is our top priority at VEERUM.
We understand how important your data is to you. We handle data with the utmost care and integrity, designing our systems to reduce the chance of errors from human factors, employing industry standard information security practices, and performing continual automated testing to find and fix vulnerabilities.
VEERUM undergoes independent verification of application security, availability, and compliance controls.
Service Organization Control (SOC) 2
Service Organization Controls (SOC) framework establishes a standard for controls that safeguard the security and availability of information stored and processed in the cloud. VEERUM is audited annually against the SOC reporting framework by independent third-party auditors. VEERUM completed the initial SOC2 Type II report for security and availability principles during Q3 2021 and is available to clients after signing a non-disclosure-agreement. VEERUM will renew the SOC2 Type II report on an annual basis.
ISO 27001 standard sets requirements for an information security management system (ISMS). VEERUM achieved ISO/IEC 27001:2013 certification in 2021.
VEERUM offers enterprise-level security features:
Network isolation and access
Logical access controls are in place to control access to the VEERUM application, including password protection and multi-factor authentication for high privilege access to the supporting systems and infrastructure. Secure Shell (SSH) authentication is enabled and access to production servers is restricted through the use of SSH keys.
Encryption in transit and at rest
All network traffic is encrypted using Transport Layer Security (TLS). For VEERUM databases, data at rest is encrypted in data stores.
Configuration management processes, including patch management, are in place to confirm security of systems and roll back capability.
Data backup and recovery
VEERUM generates daily and weekly snapshots of critical system data and components on an automated schedule. The snapshots are replicated to multiple different locations to provide disaster recovery capabilities.
VEERUM uses dedicated, separate environments to develop and test changes before they are authorized for release to production. Only application changes which have passed review and testing processes are considered for deployment to production.