System / Data Center Technical Overview
URL to SaaS/Hosted Application Login:
- Our application login is accessible through customer-specific URLs.
Data Center Vendor / Location:
- Our infrastructure is hosted on Microsoft Azure, with data centers located in [specific Azure region, e.g., East US, West US]. Azure data centers are compliant with ISO 27001, SOC 2, PCI DSS, GDPR, and other industry standards.
IT Security and Privacy Policies
We prioritize data security and privacy through robust policies aligned with industry standards:
IT Security Policy:
- Governs the secure management of our infrastructure, applications, and data.
- Focuses on access control, encryption, vulnerability management, and incident response.
Privacy Policy:
- Outlines how personal and sensitive data is collected, processed, stored, and deleted.
ISO 27001 Implementation:
- Our ongoing implementation of ISO 27001 demonstrates our commitment to building an Information Security Management System (ISMS) for data protection.
Policy Availability:
Detailed documentation can be provided upon request.
Security/Privacy Compliance and Assessments
Compliance Certifications:
Microsoft Azure Compliance:
- Microsoft Azure, as our cloud provider, maintains SOC 2, SOC 3, ISO 27001, PCI DSS, GDPR, and HIPAA certifications. Compliance documentation can be found on the Microsoft Trust Center:
Microsoft Compliance Documentation
Our Organization’s Compliance:
- We are currently implementing ISO 27001, a globally recognized standard for Information Security Management Systems (ISMS). This demonstrates our commitment to data protection, risk management, and security controls.
Secure Development Policies
We follow secure development lifecycle (SDLC) practices to ensure our application is secure:
- Code Reviews: All code undergoes peer reviews and automated SAST (Static Application Security Testing) to identify vulnerabilities.
- Dependency Management: We scan for vulnerabilities in third-party libraries using tools like Snyk.
Data Security Policies
Data Backup, Retention, and Deletion Policies:
- Data is backed up daily and retained for 30 days in Azure Blob Storage, which uses geo-redundant storage (GRS).
- Data deletion follows a secure erasure process to ensure no residual data remains.
Encryption at Rest:
- All data is encrypted at rest using AES-256 encryption.
Encryption in Transit:
- Data is encrypted in transit using TLS 1.3 for all communications.
Vulnerability and Patch Management Policy
- We have a robust patch management policy to apply security updates:
- Critical patches: Applied within 24-48 hours.
- Routine updates: Applied monthly.
- Wazuh SIEM and Azure Security Center monitor vulnerabilities and ensure compliance.
Access Control Policies
Role-Based Access Control (RBAC):
- All access is governed by RBAC, ensuring users only access resources necessary for their roles.
Least Privilege:
- Least privilege principles are enforced across all systems, limiting access to the minimum required for functionality.
Multi-Factor Authentication (MFA):
- MFA is enforced for all users accessing production environments.
Single Sign-On (SSO):
- SSO is supported and integrated with Azure Active Directory for centralized access control.
Major Subprocessors
We rely on the following subprocessors to deliver our services securely:
Data Center Provider:
- Microsoft Azure (cloud hosting, infrastructure management).
DNS Services:
- Azure DNS (highly available and secure DNS services).
Monitoring:
- Wazuh SIEM for real-time monitoring and alerting.
- Azure Monitor for infrastructure health monitoring.
Ticketing System:
- Zendesk for managing support requests and incidents.
Summary of Our Approach
- Compliance: ISO 27001 (in progress), Azure certifications (SOC 2, HIPAA, etc.).
- Data Security: AES-256 encryption, TLS 1.3, 30-day backups.
- Access Controls: RBAC, MFA, SSO, least privilege.
- Monitoring: Wazuh SIEM, Azure Security Center.