| Trust Center

Vaival Technologies

Vaival Technologies is the partner of choice for entrepreneurs, SMEs and major corporations. Since 2010, we’ve helped many businesses enhance their potential via custom software development, web3 & blockchain, dev-ops, design innovation and IT consulting services.

Controls

View all controls

+ 4 more

+ 5 more

+ 27 more

Subprocessors

View all subprocessors

Amazon Web Services

Google Cloud Platform

Microsoft Azure

Jira

Google Workspace

Resources

SOC 2 Type II

Policy Packet

SOC 1 Type II

Penetration Test Fall 2023

Penetration Test Sprint 2022

Controls

Infrastructure security

CONTROL

STATUS

Encryption key access restricted

The company restricts privileged access to encryption keys to authorized users with a business need.

Production application access restricted

System access restricted to authorized access only

Access control procedures established

The company's access control policy documents the requirements for the following access control functions:

  • adding new users;
  • modifying users; and/or
  • removing an existing user's access.

Remote access encrypted enforced

The company's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.

Log management utilized

The company utilizes a log management tool to identify events that may have a potential impact on the company's ability to achieve its security objectives.

Network firewalls reviewed

The company reviews its firewall rulesets at least annually. Required changes are tracked to completion.

Network firewalls utilized

The company uses firewalls and configures them to prevent unauthorized access.

Organizational security

CONTROL

STATUS

Asset disposal procedures utilized

The company has electronic media containing confidential information purged or destroyed in accordance with best practices, and certificates of destruction are issued for each device destroyed.

Employee background checks performed

The company performs background checks on new employees.

Code of Conduct acknowledged by contractors

The company requires contractor agreements to include a code of conduct or reference to the company code of conduct.

Code of Conduct acknowledged by employees and enforced

The company requires employees to acknowledge a code of conduct at the time of hire. Employees who violate the code of conduct are subject to disciplinary actions in accordance with a disciplinary policy.

Confidentiality Agreement acknowledged by contractors

The company requires contractors to sign a confidentiality agreement at the time of engagement.

Confidentiality Agreement acknowledged by employees

The company requires employees to sign a confidentiality agreement during onboarding.

Visitor procedures enforced

The company requires visitors to sign-in, wear a visitor badge, and be escorted by an authorized employee when accessing the data center or secure areas.

Security awareness training implemented

The company requires employees to complete security awareness training within thirty days of hire and at least annually thereafter.

Product security

CONTROL

STATUS

Data encryption utilized

The company's datastores housing sensitive customer data are encrypted at rest.

Control self-assessments conducted

The company performs control self-assessments at least annually to gain assurance that controls are in place and operating effectively. Corrective actions are taken based on relevant findings. If the company has committed to an SLA for a finding, the corrective action is completed within that SLA.

Vulnerability and system monitoring procedures established

The company's formal policies outline the requirements for the following functions related to IT / Engineering:

  • vulnerability management;
  • system monitoring.

Internal security procedures

CONTROL

STATUS

Continuity and Disaster Recovery plans established

The company has Business Continuity and Disaster Recovery Plans in place that outline communication plans in order to maintain information security continuity in the event of the unavailability of key personnel.

Continuity and disaster recovery plans tested

The company has a documented business continuity/disaster recovery (BC/DR) plan and tests it at least annually.

Cybersecurity insurance maintained

The company maintains cybersecurity insurance to mitigate the financial impact of business disruptions.