Security

Vouch uses enterprise-grade security practices to keep your data safe. Learn about Vouch’s security practices

Our Commitment

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Our Shared Security Responsibility Model

Vouch operates under a Software-as-a-Service (SaaS) model, where the security obligations are divided between Amazon Web Services (AWS), Vouch, and our clients. Utilizing AWS for our cloud infrastructure, we ensure our service is consistently accessible, scalable, and secure. AWS handles the security of the physical infrastructure, including buildings, hardware, networking, and the virtualization layer. Meanwhile, Vouch's responsibilities extend to encrypting customer data, securing the application layer, logging and monitoring security events, and tracking the availability of our service.

Customers are responsible for using the Vouch service appropriately and configuring its security features. Examples of customer responsibilities include providing complete and accurate information to Vouch, ensuring the security of devices used to access the service, setting up user authentication appropriately, managing access to the service with users, reporting security issues to Vouch, data security, and managing the security of any other applications or integrations used in customer environment including third party apps and plugins installed in their organization.

Our Policies

The following policies and procedures are followed and enforced at Vouch:

  • Access Control Policy
  • Asset Management Policy
  • Business Continuity and Disaster Recovery Plan
  • Code of Conduct
  • Cryptography Policy
  • Data Management Policy
  • Human Resource Security Policy
  • Incident Response Plan
  • Information Security Policy
  • Information Security Roles and Responsibilities
  • Operations Security Policy
  • Physical Security Policy
  • Risk Management Policy
  • Secure Development Policy
  • Third-Party Management Policy

These policies are followed by all Vouch employees and contractors, who review and accept the policies at the commencement of their employment with Vouch.For a copy of these policies, please reach our to support@vouchfor.com

We've helped 1000+ people teams

Flutter LogoCulture AMP LogoMarstons LogoHubspot LogoMongoDB LogoWarner Brothers Discovery LogoNRMA LogoGoDaddy LogoMorrisons Logo

Application Security

Data Encryption

All data in Vouch is encrypted in-transit using TLS 1.2+ and at-rest using an industry standard AES-256 encryption algorithm.

Single Sign On

SSO allows you to authenticate users in your own systems without requiring them to enter additional login credentials.

Incident Response

Our incident response plan tackles events that disrupt our service quality, incorporating clear escalation procedures and mobilizing the right teams to investigate, communicate, and resolve the incident

Vulnerability management

Vouch regularly scans production infrastructure, applications and networks for vulnerabilities using off-the-shelf tools to identify potential vulnerabilities tha tcould impact our systems.

SLDC Security

Vouch implements both human and automated review processes in order to ensure consistent quality in our software development practices.

Our Certifications

GDPR Logo

GDPR

Vouch implements both human and automated review processes in order to ensure consistent quality in our software development practices.

AICPA SOC Logo

SOC2 Type 2

Our SOC 2 Type 2 report attests to the controls we have in place governing the security of customer data as they map toTSPs established by the AICPA

Start Level One Logo

GDPR

Vouch participates in the voluntary CSASecurity, Trust & Assurance Registry (STAR)Self-Assessment to document our compliance with CSA-published best practices.