On-Demand Security

VersionOne implements the highest levels of security to ensure the confidentiality, integrity, and high-availability of all customer data. Critical to the effectiveness of our redundant, high-performance SaaS architecture is our multi-layer security systems and strict information security policies, which all work together to ensure your data remains private, secure and always available.

VersionOne Security Badge

Multi-layer Security for your Projects


We know that security and data integrity are crucial and that’s why VersionOne has implemented a comprehensive security infrastructure with state-of-the-art security measures and controls to ensure optimal protection against physical, network, server, application and data vulnerabilities. In keeping with the highest security standards, VersionOne’s state-of-the-art security measures and SSAE16 SOC 1, SOC 2, and SOC 3 certified data centers all have passed the same rigorous security audits as conducted for the top Fortune 500 financial services organizations.

Physical Security

In order to deny unauthorized access to facilities and equipment and to protect property from damage or harm, VersionOne On-Demand is hosted in first class colocation facilities where:

  • All areas are monitored and recorded using CCTV
  • All access points are controlled
  • Facilities are unmarked and staffed 24×7 by security officers
  • All visitors are biometric screened upon entry and escorted to authorized locations
  • All facilities utilize power systems with built-in redundancy, full Uninterruptible Power Supply (UPS) systems with up to N+1 level or greater, and backup generator systems in the event of a local utility failure

Network Security

In order to prevent and monitor for the misuse and abuse of our computer networks and network-accessible resources, VersionOne has implemented the following network security measures:

  • Industry leading firewalls and intrusion detection and prevention systems
  • 24X7X365 system monitoring and management
  • Regularly scheduled application of patches and upgrades
  • Around the clock network and firewall monitoring
  • Continuous firewall log analysis to keep abreast of traffic patterns and identify any unusual activity
  • Routine network vulnerability testing

All data centers adhere to the following information security certifications and standards:

  • ISO 27002
  • ISO 27001
  • PCI DSS Service Provider Level 1 Certification
  • SSAE16 SOC 1, SOC 2, and SOC 3
  • U.S. Commerce Department Safe Harbor Certification
  • Content Protection and Security Standard (CPS)

Server Security

In order to ensure the security and availability of all servers, VersionOne implements the following server security policies and procedures:

  • All operating systems are hardened to remove all unnecessary software
  • All services and patches are routinely reviewed and applied
  • All devices adhere to strict password policies to ensure strong password protection
  • Server level vulnerability testing is conducted at routine intervals
  • All servers are configured with built-in redundancy components, RAID 1 for the OS and RAID 5 for data on a storage area network utilizing high performance fiber channel

Application Security

In order to reduce the chances of unauthorized application access, VersionOne has implemented the following application security measures:

  • Users must authenticate themselves with a username and password in order to gain access to their data
  • All requests sent to VersionOne must be encrypted using industry standard Secure Socket Layer (SSL) encryption technology, ensuring secure, encrypted communication between the users web browsers and the VersionOne web servers
  • During initial authentication, the user identification token is digitally signed with a signing key unique to the customer’s application instance, allowing subsequent signature verification on every request
  • Customers alone have the ability to manage users, project access and project specific rights. Predefined project roles enable system and project administrators to quickly set up users and assign appropriate access rights for any given project
  • VersionOne conducts continuous application vulnerability and penetration testing using an industry-leading web application vulnerability testing provider, ensuring that your application and network environment is secured from outside attack

Additional Server & Application Monitoring

In addition to the aforementioned security measures, VersionOne takes security and up-time monitoring further to ensure the security and availability of all customer instances:

  • Servers and customer application instances are monitored 24x7x365 as part of our commitment to application performance and a quality customer experience
  • Alert thresholds are set and monitored for numerous conditions that would impact performance, availability, and potential abuse or misuse
  • Logs and performance counters are regularly analyzed to identify patterns of suspicious activity
  • All customer instances of VersionOne are actively monitored end-to-end for health and high availability as we continually strive to exceed our uptime goal of 99.5%

Business Continuity

VersionOne utilizes the following business continuity measures to assure customers that should disaster strike one of our data centers, that their data is stored safely offsite and available for rapid recovery.

  • Disk-to-disk off-site vaulting and backup service to compress data, and transfer it via point-to-point VPN to a SAN at a secure remote storage facility
  • Nightly backups to ensure that in the event of a complete loss at one data center, backups are accessible and restored at another secured data center location