Webinar alert!

Security, privacy and compliance

Our enterprise-proof platform is built on your principles for data security and data privacy. This way, you can be sure that you are fully compliant with legal requirements.

All personal information is processed within the European Economic Area (EEA)

Vormats guarantees that all personal data and information will not leave the European Economic Area (EEA). It is processed and stored here, also by the affiliated sub-processors.

See our whitepaper

Security

Singe Sign-On (SSO)

SSO is available to external enterprise-identity providers who comply with SAML-standards. Vormats is optimised for federation with Azure, AuthO, Google and OpenAM.

Data-encryption

Information is secured with world-class encryption including from ‘in transit’ with TLS 1.2+ and ‘at rest’ with the AES-256-algorithm, with frequent encrypted back-ups.

Vulnerability scans

The Vormats-platform is monitored for security events using scanning software for the scanning of vulnerabilities of third parties and with architecture-specific monitoring tools

Penetration testing

Our systems are regularly penetration tested by an independent professional. The results are entered into the change management registry to ensure Vormats’ information security management system is continuously improved.

IT architecture and infrastructure

The IT-foundation of our platform and systems are based on the ability to do business with all companies worldwide, regardless of industry and regulations.

Data classification

With Vormats data classification system videos can be easily classified by the video owner via three levels of confidentiality. The content of the video determines whether passwords and sanity checks are required.

Application-development

Vormats development process follows the OWASP top-10-norms and the Secure Software Development Lifecycle (SDLC) for the building of safe applications.

Two step verification (2FA)

Our authentication system makes use of best practice-mechanisms in the industry and complies with strict regulations, such as HIPPA. Our system can be expanded with 2FA via the authenticators from Microsoft and Google.

External independant auditor

Vormats has hired NAQ-Cyber as an external independent auditor to periodically review processes and systems for compliance with information security policies and other requirements.

Security training for privacy awareness

All staff and contractors are regularly trained by our partner NAQ-Cyber. They are obligated upon commencement of employment to follow our cyber security and AVG training which is repeated annually, including the associated examinations.

Compliance

GDPR

Our platform is developed within the framework of the General Data Protection Regulation (GDPR), so that you fully comply with all legal requirements.

ISO 27001

Our ISO/IEC 27001-certification confirms the measures we have taken with regard to customer data within the meaning of the General Data Protection Regulation (GDPR).

IASME Governance

IASME Governance is an Information Assurance-standard developed to easily and affordably support and help to improve the cybersecurity of small and medium-sized businesses (MKB).

SOC 2 Type II

The infrastructure of Vormats is managed by a trusted cloud service provider subject to the Service Organisation Controls (SOC2) (Type II) Trust Services Principles.