Security Policy

Protecting your data with our security policies

At StraViso, we respect your privacy and make significant efforts to protect all your data, and we would never do anything with your data that we wouldn’t be proud to tell the world about. We are honored that you trust us for your work and take the responsibility to serve you seriously.

Here’s an overview of some of our security practices. We also recommend reviewing our Terms of Service and Privacy Policy.

Field Cloud

StraViso is SOC2 TYPE II compliant. The audits affirm StraViso’s commitment towards information security practices, ensuring that policies, procedures, and operations meet and exceed the industry standards for security, availability, and confidentiality. The compliance report verifies the presence of internal controls designed and implemented to meet the prerequisites for the security principles outlined in the Trust Services Principles and Criteria for Security.

Information Security Program

We have a best-in-class information security program validated by a SOC 2 Type 2 report. Service Organization Controls (SOC) Reports are frameworks established by the American Institute of Certified Public Accountants (AICPA) for reporting internal controls implemented within an organization. The independent third-party audit affirms StraViso’s dedication to providing enterprise-level security for customer data, as these reports require regular assessment and confirmation of the protections and effective security practices StraViso has in place.

Roles and Responsibilities

Roles and responsibilities related to our Information Security Program and protecting our customers’ data are well-defined and documented. Our team members must review and accept all the security policies.

Third-party audits

Our organization regularly undergoes independent third-party assessments to test our security and compliance controls.

Security Awareness Training

Employees must go through employee security awareness training that covers industry standard practices and information security topics. All employees must sign and adhere to an industry standard confidentiality agreement prior to their first day of work.

Background checks

We perform background checks on all new team members in accordance with local laws.

Cloud Infrastructure Security

All our services are hosted by Azure, which employs a robust security program with multiple certifications. For more information on our provider’s security processes, please visit Azure Security.

Data Hosting Security

All our data is hosted in the Azure Cloud database and is located in the United States. Please reference the vendor-specific documentation linked above for more information.

Business Continuity

We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.

Incident Response

We have a process for handling information security events which includes escalation procedures, rapid mitigation and customer communication.

Logging and Monitoring

We actively monitor and log various cloud services. We perform vulnerability scanning and actively monitor for threats.

Permissions and Authentication

Access to cloud infrastructure and other sensitive tools is limited to authorized employees who require it for their role. We have Single Sign-on (SSO) and multi-factor authentication (MFA) to ensure access to cloud services is protected.

Password Requirements

All team members are required to adhere to a minimum set of password requirements and complexity for access.

Least Privilege Access Control

We follow the principle of least privilege with respect to identity and access management.

Active Directory

Access to company resources and services is provided through authentication and authorization of an Active Directory account.

Annual Risk Assessments

We undergo risk assessments at least annually to identify any potential threats, including considerations for fraud.

Vendor Risk Management

Vendor risk is determined, and the appropriate vendor reviews are performed prior to authorizing a new vendor.

Responsible Security Disclosure Policy

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@straviso.com

Please provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.

We undergo annual risk assessments to identify any potential threats, including considerations for fraud.
