At our company, data security is our top priority. Validis is provided to you by an ISO27001 & SOC 2 Type 2 compliant organization, Validis Group Holdings Ltd.
In conjunction with Microsoft Azure the Validis platform maintains the highest level of security. Microsoft Azure is ISO/IEC27001 & SOC 2 Type 2 compliant which covers all geographic Data Centers used.
For more information on Validis Security Policies, please visit our website here detailing the security compliances.
Security Overview
- Hosting Partner – Validis utilizes Microsoft Azure as the cloud hosting partner. Microsoft Azure is one of the largest and most respected hosting and service providers in the world. The Microsoft Azure infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure Microsoft Azure data centers (regionally based).
- Data Transmission - Data extracted from the End Users accounting software is encrypted before transmission to the central Validis application.
- Application Topology – The Validis topology separates presentation and service layers. We reserve the right to alter this topology in response to performance, security, reliability, or any other concerns.
- Digital Security – The application runs on an environment protected by a pair of next-generation firewalls. Administration access is blocked outside and is accessible only to system administrators. It is additionally protected via 2048bit SSH key-based authentication.
- Application Scalability - Industry standard technology platforms are used, and incorporate a range of design features to ensure scalability of the presentation, synchronous services, and asynchronous services tiers.
- Penetration Testing – Validis performs penetration tests on the Validis service for every major release or annually using a trusted third party. The results can be shared in summary form with Validis Resellers upon request.
- Authorised Data Access – Access to all data is restricted to authorised users who are granted access to data by supplying a username and password. Authorised user passwords are secured using industry-standard techniques. All data access is audited.
- Validis Employee Data Access – Only key system administrator members of the Validis team have access to the Validis production environment. Access to client data is highly restricted to key members of the engineering team and support teams in the performance of their roles. All activity on the production servers is audited.
- Systems & Processes – Validis, the providers of Validis, are ISO 27001 and SOC2 certified. Our policy and procedures are independently audited every year. Certificates can be provided on request.