Security Policy
We take security seriously. Security has been built into Veloopti right from the beginning and as software is added or changed we ensure that it is secure as soon as applicable. We appreciate external assistance and take anything that you have to say about it seriously – so please raise concerns with us.
Security Policies and Procedures
We are very careful with our servers, and everything is on a least-privileges and least-access basis.
- All access to and communications with our servers are secured with SSL. Unsecured access is completely disabled.
- As data comes into the Veloopti SaaS servers the security certificate is inspected. Each security certificate is unique and belongs to a single customer and there is virtually no possibility of it escaping to anywhere other than the instance that it belongs in.
- Our APIs aren’t fully read-write enabled; they have only the minimal necessary functionality.
- We have companywide policies about security, including personal devices such as backups, laptops, and phones. We use two-factor authentication on all services that support it.
Data that is sent to the Veloopti servers
Data that is sent from a managed server to Veloopti is encrypted using industry standard SSL encryption mechanisms using a security certificate that is local to Operating System. This certificate is unique to the managed server and if a duplicate is detected then another certificate is issued after customer approval is obtained. This approval may be selected to be automated by the customer.
After the data is received by Veloopti the certificate is inspected and the data contained in it is placed in a table that is only accessible by the customer.
Security Agreements and Compliance Requirements
Please contact us to discuss compliance with any specific security requirements or policy frameworks you need. We have many customers who are required to comply with standard security certifications, audit requirements, and the like. We are happy to discuss how we can also meet your needs.