We understand that protecting your information is a big part of our job.
Our systems are always undergoing internal diagnostics to meet peak performance benchmarks. Regular penetration testing and audits are part of the industry certifications we maintain at all times. We are an industry leader that is at the forefront of best practices.
We’ve built redundancies throughout our entire operations so that we can back up our contractual obligation to 99.9% uptime. Any variation in our system’s functions results in immediate notification to Velis staff.
Every product we offer is compliant with the ISO 27001:2013 security standard, meaning we’ve internalized the highest benchmarks and best practices of our industry. Our methodology is always under review and being improved, with robust encryption routines incorporated at all times. Any data in our system is your data, not ours, and it is never handled in any way without your consent and never — under any circumstance — shared with third parties.
As the old adage goes: trust, but verify. We back up our security pledges by meeting the highest standards in the industry. This includes ISO 27001:2013, GDPR Compliance, Amazon Web Services (AWS) Certification, and regular external penetration tests (pentests) based on OWASP recommendations.
How we guarantee your safety in each area of operations.
Robust security is deeply embedded in our app design. All communications within it are encrypted via HTTP protocol, with in-app database encryption and privilege verification for all requests. Protecting data and empowering administrator control is the foundation of our system.
System logs are continuously monitored, with an immediate and appropriate response from Velis Support. We contract with an independent external company that carries out regular penetration tests using OWASP Top 10 detection methodology. Source code updates are checked with automated tests to verify standards and detect bugs.
The system requires passwords that are at least 8 characters long and contain mixed-case letters, at least one digit and one special character. Passwords expire in 30 days. Login attempts are capped at five before an account is locked and administrator action is required to unlock it. All passwords are encrypted with the Blowfish block cipher algorithm.
Velis has implemented the ISO 27001:2013 standard — an internationally recognized benchmark for information security management systems — since 2014. We have been in compliance with a wide range of individual security components that span hardware procurement, software development, web hosting services, network construction and maintenance, and other IT services. Both internal and external auditors function as part of our security infrastructure.
We back up all your data daily, which includes a full 3-day window to retrieve lost files (with an option for hourly backup and up to 60-day full recovery), using external servers with full encryption protocols to protect your data.
This depends on your selected hosting option. With standard hosting it is at Warsaw Atman (main server room) and OVH in France (backup). In the case of AWS (Amazon Web Services), the location is arranged based on a variety of factors (with Frankfurt being the default).
The data centre is ISO 27001 certified. It includes:
· Professional Power Supply — UPS system with a total power of 8580 kVA and five 26 MW independent medium voltage lines.
· Cooling — Air conditioners operating with N + 1 redundancy.
· Fire Detection System — Optical-temperature sensors and early smoke detection system, independent fire zones, and 120-minute fire resistance.
· Fire Extinguishing System — Gas extinguishing systems by Inergen and Argonite.
· Security — CCTV system inside and outside the facility, access control based on proximity cards (with customised PIN, biometrics, and locks on request), burglary and panic alarm system with automatic notification of an external intervention group, and security personnel monitoring the property 24/7.
The software uses security best practices, including:
· Data encryption — All data between your browser and the system is encrypted using the SSL standard.
· Privilege matrix — Use our ACL (access control list) module to assign and revoke privileges of users.
· OWASP Top 10 and ASVS (Application Security Verification Standard Project) standards.
· Internal and external security audits.
You remain the sole owner of all data stored in the system.
No, we cannot use your data for any purpose not directly related to our contract (e.g. providing technical support).
You remain the sole administrator of all personal data stored in the system.
Yes, you can use built-in export options to extract data (e.g., into MS Excel format). You can ask us to develop additional exportable reports that match your needs.
We will ask you what to do with the data. We can destroy it or export it to various formats, including storage on an external device (USB, hard drive, etc.).