VEERUM DigitalTWIN security information
VEERUM DigitalTWIN provides and upholds best-in-class enterprise-level security
.png)
Compliance
VEERUM undergoes independent verification of application security, availability, and compliance controls. VEERUM offers enterprise-level security features:
.png)
Service Organization Control (SOC) 2
Service Organization Controls (SOC) framework establishes a standard for controls that safeguard the security and availability of information stored and processed in the cloud. VEERUM is audited annually against the SOC reporting framework by independent third-party auditors. VEERUM completed the initial SOC2 Type II report for security and availability principles during Q3 2021 and is available to clients after signing a non-disclosure-agreement. VEERUM will renew the SOC2 Type II report on an annual basis.
ISO 27001
ISO 27001 standard sets requirements for an information security management system (ISMS). VEERUM achieved ISO/IEC 27001:2013 certification in 2021.
Security
VEERUM offers enterprise-level security features:
Network isolation and access
Logical access controls are in place to control access to the VEERUM application, including password protection and multi-factor authentication for high privilege access to the supporting systems and infrastructure. Secure Shell (SSH) authentication is enabled and access to production servers is restricted through the use of SSH keys.
Encryption in transit and at rest
All network traffic is encrypted using Transport Layer Security (TLS). For VEERUM databases, data at rest is encrypted in data stores.
Systems operations
Configuration management processes, including patch management, are in place to confirm security of systems and roll back capability.
Data backup and recovery
VEERUM generates daily and weekly snapshots of critical system data and components on an automated schedule. The snapshots are replicated to multiple different locations to provide disaster recovery capabilities.
Change management
VEERUM uses dedicated, separate environments to develop and test changes before they are authorized for release to production. Only application changes which have passed review and testing processes are considered for deployment to production.
