Our Security Commitment
Your data is our top priority, and your trust in us is the foundation of our relationship. Visier has a tested and secure, highly distributed infrastructure with many layers of protection based on industry-leading practices. We work continuously to monitor and protect your data.
Our comprehensive security program is based on a strong security culture. Security is embedded throughout the data lifecycle, including our infrastructure and platform development, coding practices, and operational controls.
To demonstrate this to you and earn your trust, independent third-party auditors test our security controls and provide results and opinions, which are then shared with our customers. We also regularly hire independent third parties to rigorously penetration test the security of our platform.
Our executive leadership team is actively involved in promoting the importance of security and the protection of customer data throughout the organization. Our privacy and information security teams proactively engage with other Visier employees, through training, discussions, planning, and shared security responsibilities to foster a strong security and privacy culture that is instrumental for safeguarding your data.
Secure Development Lifecycle
The security of your data is top of mind throughout our entire development process. Our development team is highly security aware and scrutinizes every release for security issues, including the OWASP Top 10 and CWE Top 25. We also conduct regular detailed internal code reviews and security testing.
Your data is encrypted, both at rest and in transit, using industry best practices. A strong encryption key, unique to you, will be generated and periodically replaced. This key will be used to encrypt your data at rest. We additionally encrypt your data at rest using a wrapping key that is common between redundant sites. On top of that, any transmission of your data on our secured network is done using strong AES transport encryption. When you send your data to us, you can encrypt it with our PGP public key and use one of our secure data transfer services.
We have a comprehensive vulnerability management program that adopts a multi-layered defence strategy against threats to the service. We leverage real-time identification and scanning of any new assets on our networks, as well as frequent patching and platform security maintenance to proactively combat vulnerabilities and threats to the service.
Monitoring and Response
Your data and our service are continuously monitored by our DevOps and Information Security teams. We use intelligent IPS, next-generation firewalls, and other security controls to detect and respond to security threats. We keep and monitor detailed audit logs of all privileged accounts and administrative actions.
Secure Data Centers and Service Availability
Our services are hosted from highly secure data centers in Canada and the United States that have top-tier physical, technical, and environmental safeguards. These data centers are regularly audited by third-party public accounting firms who provide relevant reports and certifications.
Our services are designed to be available round the clock except during maintenance windows, which are used to perform system updates and infrastructure, security, and technology upgrades.
We understand the importance of providing a reliable service for your business. We use robust, encrypted, and real-time multi-site redundancy to keep your ability to access your data in the service highly available and secure, as well as to mitigate regional environmental risks such as earthquakes and extreme weather. The geo-redundancy design protects against an extreme event in one region affecting your ability to access our services.
Visier also maintains a disaster recovery plan that provides for the recovery and reconstitution of our production services to the most recent available state in the minimum amount of time following a disaster. We also regularly test our disaster recovery and business continuity plans to ensure that services can be recovered and the procedures for shifting a service to the alternate processing site are adequate and effective.