vCIOToolbox Security


Security Overview

At vCIOToolbox we consider security, privacy, and compliance as key considerations when choosing a SaaS provider.  We are fully committed to protecting all the data users enter and share within vCIOPro. It is our objective to reduce and mitigate the risk of data breaches and secure your intellectual property.


Application Availability & Continuity

The application is hosted in a High Availability, Fault Tolerant system and block changes are shipped to our Baltimore location where we have a cold standby configuration that can resume operations in <15 minutes of a declared disaster event.



vCIOToolbox is compliant with the GDPR regulations from the EU. This is reflected in our Privacy Policy effective in November of 2018

EU-US Privacy Shield

The privacy shield covers issues relating the collection, use, and retention of any and all personal information from the EU and Switzerland.  vCIOToolbox follows all key Privacy Shield Principles for data handling and transfer.

Disclosure Policy

industry-standard technologies to secure customer data and prevent unauthorized access. These systems are continuously monitored.

In the event of a security breach we follow and internal incident response protocol.  Our team will communicate with affected customers via email, sharing updates and addressing impact in the shortest interval possible.

Datacenter Security

We host the application within the TierPoint Dallas Facility.  This facility boasts 2N power through 4 power plants, multi-carrier, multi-honed networks with true BGP., 6 backup diesel generators. The facility SSAE 18 SOC 2 Type II, PCI-DSS*, GLBA and HIPAA standards annually and is ITAR and EU-US Privacy Shield registered.
We back our systems to a Tierpoint Center in Baltimore which has the same security standards as noted above, with N+1 power systems and multi-carrier BGP systems.

Corporate Security

Our internal policy includes full disk encryption for all development environments, use of strong credentials and adherences to our Written Information Security Policy (WISP) and our incident reponse policy.

Additionally, all vCIOToolbox employees  pass a pre-employment background check, and complete regular security awareness training. 

Application Security

All vCIOToolbox customers share a common user interface (UI) with seperate distinct database instances for each subscribing company.

PSA (ConnectWise and Autotask) requires and recommends that only read-level access be granted. And any data retrieved from cloud providers is always retrieved using read-only requests (e.g., GET for REST APIs).

Ready To Get Started?