At StraViso, we respect your privacy and make significant efforts to protect all your data, and we would never do anything with your data that we wouldn’t be proud to tell the world about. We are honored that you trust us for your work and take the responsibility to serve you seriously.
Here’s an overview of some of our security practices. We also recommend reviewing our Terms of Service and Privacy Policy.
StraViso is SOC2 TYPE II compliant. The audits affirm StraViso’s commitment towards information security practices, ensuring that policies, procedures, and operations meet and exceed the industry standards for security, availability, and confidentiality. The compliance report verifies the presence of internal controls designed and implemented to meet the prerequisites for the security principles outlined in the Trust Services Principles and Criteria for Security.
We have a best-in-class information security program validated by SOC 2 Type 2 report. Service Organization Controls (SOC) Reports are frameworks established by the American Institute of Certified Public Accountants (AICPA) for reporting internal controls implemented within an organization. The independent third-party audit assures StraViso’s dedication to giving enterprise-level security to customer data, as they require the regular assessment and confirmation of the protections and effective security practices StraViso has in place.
related to our information Security Program and protecting our customers’ data are well-defined and documented. Our team members must review and accept all the security policies.
Our organization regularly undergoes independent third-party assessments to test our security and compliance controls.
Employees must go through employee security awareness training that covers industry standard practices and information security topics. All employees must sign and adhere to an industry standard confidentiality agreement prior to their first day of work.
We perform background checks on all new team members in accordance with local laws.
All our services are hosted by Azure, which employs a robust security program with multiple certifications. For more information on our provider’s security processes, please visit Azure Security.
All our data is hosted in the Azure Cloud database and is in the United States. Please reference the above vendor-specific documentation linked above for more information.
We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
We have a process for handling information security events which includes escalation procedures, rapid mitigation and customer communication.
We actively monitor and log various cloud services. We perform vulnerability scanning and actively monitor for threats.
Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role. We have Single Sign-on (SSO) and multi-factor authentication (MFA) to ensure access to cloud services are protected.
All team members are required to adhere to a minimum set of password requirements and complexity for access.
We follow the principle of least privilege with respect to identity and access management.
Access to company resources and services is provided through authentication and authorization if Active Directory account.
We undergo at least annual risk assessments to identify any potential threats, including considerations for fraud.
Vendor Risk ManagementVendor risk is determined, and the appropriate vendor reviews are performed prior to authorizing a new vendor.
If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@straviso.com
Please provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.
We undergo annual risk assessments to identify any potential threats, including considerations for fraud.
Copyright © 2024 StraViso.com All rights reserved.
