vCIOToolbox

Security

Secure Data Centers

vCIOToolbox has partnered with INAP for carrier-neutral SOC 2 Type II hosting facilities. Our primary and secondary data centers are located in Atlanta and Seattle (U.S.), with an option in Amsterdam, AMS-IX, (EU). Security Highlights include:

  • Security & Access: Key card with biometric access, video with 90-day retention, 24/7/365 onsite support
  • Network: Carrier connectivity to multiple providers
  • Power: 14.8 MW of power in N+1 configuration
  • Compliance:

    (U.S.)PCI DSS, HIPAA, SOC2 Type II
    (EU) ISO 27001 and ISO 22301

 

Secure Transmissions and Sessions

Connection to the vCIOToolbox application is via SSL/TLS cryptographic protocols, using global step-up certificates. This ensures that users have a secure session from their desktop to our data center. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login

 

Disaster Recovery

vCIOToolbox conducts near real-time replication of its primary and backup systems in each data center. We test to confirm we are meeting our projected RTO and RPO parameters and that all data is encrypted during transit.

 

 

Two-Factor Authentication

Two-Factor Authentication requires that all login attempts have both login credentials and a second authentication factor. We leverage two-factor verification powered by Twilio Verify.  Two-factor can be set up as a policy and controlled by system administrators. Any access attempts that do not have valid credentials from each source will be denied access to vCIOToolbox.

 

 

Code and Database

vCIOToolbox tests all code for security vulnerabilities prior to release, and we regularly employ a 3rd party to scan our network and systems for vulnerabilities.

Systems are designed and configured to support multi-tenant access with secure logical separations of customer data restricting access to only authorized information. Session timeout policies are employed for all users.

 

Privacy

vCIOToolbox is committed to protecting your privacy and the personal information that you provide to us. Please read the Privacy Policy below to understand how we collect, use, and treat your personal information. If after reviewing this Privacy Policy you have questions regarding our treatment of your personal information, please contact us.  You can view the full policy here.