On-demand Security

Multi-layer Security for your Projects

Your project data is secure with VersionOne

VersionOne understands the importance of securing your project data. Our redundant, high–performance SaaS architecture, security systems, and strict information security policies ensure confidentiality, integrity, and high–availability of all customer data.

A comprehensive security model within the application and strict controls for maintaining the application health ensure that customer data stays confidential. VersionOne’s state–of–the–art security measures and SAS 70 Type I and II certified data centers have passed security audits of today’s leading Fortune 500 financial services organizations.

Application Security

  • VersionOne requires users to authenticate themselves with a username and password before providing access to any data.
  • All requests sent to VersionOne must be encrypted using industry–standard Secure Socket Layer (SSL) encryption technology, ensuring secure, encrypted communication between the users’ web browsers and the VersionOne web servers.
  • During initial authentication, the user identification token is digitally signed with a signing key unique to the customer’s application instance, allowing subsequent signature verification on every request.
  • Within the application, customers alone have the ability to manage all users and their project access and project–specific rights. Predefined project roles allow system and project administrators to quickly set up users or verify that they have the appropriate rights for a given project.
  • VersionOne conducts continuous application vulnerability/penetration testing using a leading web application vulnerability testing provider, ensuring that the application and environment are secure from outside attack.

Physical Security

  • VersionOne On–Demand is hosted in first–class colocation facilities that offer the highest standards of security.
  • All areas of the data centers are monitored and recorded using CCTV, and all access points are controlled.
  • The facilities are unmarked and staffed 24x7 by security officers. Visitors are biometric–screened upon entry and escorted to their authorized locations.
  • These data centers are designed with power systems with built–in redundancy, full Uninterruptible Power Supply (UPS) systems with up to N+1 level or greater, and backup generator systems in the event of a local utility failure.

Network Security

  • All data centers combine industry–leading firewalls and intrusion detection and prevention systems to ensure the security of the application infrastructure.
  • These systems are monitored and managed on a 24x7x365 basis.
  • Patches and upgrades are applied at regularly scheduled intervals, and networks and firewalls are monitored around–the–clock so that support staff can quickly respond to and resolve any alerts that occur.
  • Regular analyses of firewall logs are performed to keep abreast of traffic patterns and identify any unusual activity. In addition, network vulnerability testing is conducted at routine intervals.
  • The Intrusion Detection System (IDS) provides in–depth defense by analyzing network traffic and either blocking, replacing, or alerting when suspicious activity is detected. The system utilizes a rules–based language, which combines the benefits of signature, protocol, and anomaly–based inspection methods.
  • All data centers hold the following critical certifications: PCI DSS Service Provider Level 1 Certification, SAS 70 Type I and Type II, and U.S. Commerce Department Safe Harbor Certification.

Server Security

  • Server operating systems are hardened to remove all unnecessary software and services, and patches are routinely reviewed and applied.
  • All devices are protected by strong passwords and maintained policies.
  • Servers are configured with built–in redundancy components, RAID 1 for the OS and RAID 5 for data on a storage area network utilizing high performance fiber channel.
  • Server–level vulnerability testing is conducted at routine intervals.

Server & Application Monitoring

  • Servers and customer application instances are monitored 24x7x365 as part of our commitment to application performance and a quality customer experience.
  • Alert thresholds are set and monitored for numerous conditions that would impact performance, availability, and misuse.
  • Regular analyses of logs and performance counters are performed to analyze patterns and identify any unusual activity.
  • All customer instances of VersionOne are actively monitored end–to–end for health and high–availability.
  • For on–demand customers, VersionOne continues to exceed our uptime goal of 99.9%.

Business Continuity

  • To ensure that data is available even after a disaster, VersionOne uses a disk–to–disk off–site vaulting service to house backups.
  • The vaulting service compresses the data, then transfers it via point-to-point VPN to a SAN at a secure remote storage facility.
  • With the data stored off–site, customers can rest assured that even in the event of a disaster at one of our data centers, their data is safe and available for recovery.
  • Backups are performed at nightly, weekly and monthly intervals and stored for 7, 30 and 90 days respectively. In the event of a complete loss at a data center, these backups can be accessed and restored at another secured data center location.