Introduction
Information systems and Vryno data are precious resources that need to be safeguarded. This is accomplished by putting in place appropriate security frameworks to manage risks to Vryno and make sure business continuity by averting security incidents and minimizing their possible effects.
1. Organizational Security
Across domains and business processes, policies and procedures are established and put into practice. The policies are used to safeguard the confidentiality, accessibility, and integrity of Vryno data and data resources as well as to test control mechanisms.
1.1 Employee Vetting
Before an employee is officially hired by the company, they are all screened. To complete background verification, which includes checking criminal histories, prior job histories, and educational backgrounds, Vryno uses an outside third-party provider.
1.2 Training and awareness
In order to make sure that Vryno personnel are aware of information security policies, emerging threats, and typical attack vectors, security awareness content is generated and distributed among various teams. Furthermore, security awareness training courses are held to increase knowledge of business rules, security procedures, and risks.
1.3 Physical Security
The corporate security division of Vryno is in charge of safeguarding the company’s physical assets. CCTV cameras are used by Vryno to monitor the property; backup footage is accessible for a limited time, contingent on the needs of that particular site. Access to the facilities is authorized by the use of keycard and biometric identification.
When it comes to cloud resources (such as Google, AWS, DigitalOcean, and OVH), cloud ISPs are in charge of keeping appropriate security policies in place and safeguarding the assets.
2. Operational Security
These practices concentrate on keeping an eye out for active threats to real-time communication networks and implementing preventative measures to safeguard information systems.
2.1 Logging & Monitoring
Enterprise and proprietary solutions are used to monitor infrastructure and applications around-the-clock. We keep an eye on both device and terminal usage as well as internal network traffic. Event, audit, fault, administrator, and operator logs are all kept, and they are all examined for irregularities and incidents. These logs are kept in a secure, segregated location.
2.2 Vulnerability Assessment
In order to find and fix software vulnerabilities, Vryno also has a security team on staff. Additionally, we encourage members of the larger software security community to find and report issues.
2.3 Backup
Every day, Vryno creates file and database backups for each customer instance. To mitigate the danger of a hardware failure, this backup is kept on a different server. Within eight hours, data and service access can be restored in the event of such a breakdown.
2.4 Security Patches
Vryno applies fixes as soon as they are created internally or become accessible in other ways as part of its preventative maintenance to guard against any potential vulnerabilities.
3. Data Security
Data is essential to the functioning of the business, thus we adhere to stringent policies centered on our design, development, and operations to ensure the confidentiality, availability, and integrity of the data at all times.
3.1 Engineering practices
Before deploying code into production, engineering teams manually evaluate and filter it in accordance with secure coding principles.
The application layer is protected against typical threats and attack vectors (such as SQL injection and cross-site scripting) by implementing secure coding rules that are based on OWASP standards.
3.2 Data Isolation
Because Vryno has a single tenant architecture, each instance is allotted an own space. These instances are operating independently because they are not aware of each other.
3.3 Encryption
3.3.1 In Transit
Industry standard TLS 1.2/1.3 secures all data exchanged between your browser and Vryno’s servers. IMAP/POP/SMTP email client access, mobile apps, online applications, and APIs are all included in this.
Perfect forward secrecy (PFS) and HTTP Strict Transport Security header (HSTS) are two secure configurations that we have enabled for all online traffic. This requires browsers to communicate through encrypted channels only.
3.3.2 At Rest
Storage disks of all the servers are encrypted using Disk level Encryption.
All customer data is encrypted using AES-256 on Google cloud & hourly backups are also encrypted using AES-256.
3.4 Data retention and deletion
We keep customer data for as long as they are active subscribers; in the event that they cancel or stop using the service, it is disposed of in accordance with the policies.
Data for trial accounts that do not initiate a paid subscription is erased twelve days following the trial’s conclusion.
Data from paid accounts that are canceled is erased ninety days following the cancellation date.
If a payment is unsuccessful on a paid account, it will be closed after 90 days and stopped for 15 days. Following account closure, all data will be removed after one week.
After 60 days of inactivity, data for free accounts is removed.
For commercial purposes, billing data used to generate invoices is kept on file for seven years.
3.5 Data Location
The servers of Vryno are situated in the US & India. The location in which you reside at the moment of starting your free Vryno trial determines which server will store your data.
4. Incident Management
Procedure that outlines an organization’s efforts to locate, evaluate, and address risks in order to stop them from happening again in the future. An incident has the potential to grow into an emergency, crisis, or disaster if it is not addressed.
4.1 Reporting
Vryno keeps hourly backup scheduled for every customers instance. To mitigate the danger of a hardware failure, these backups are encrypted and stored in google storage. Within 8-12 hours, data and service access can be restored in the event of such a breakdown.
Teams of committed individuals in the US, UK, & India, are in charge of examining various occurrences that take place in the environment that pertains to you, and we adhere to the necessary procedures for managing and reporting them. We investigate the underlying source of the issue and implement preventative measures to keep it from happening again. Additional safeguards and regulations are implemented to lessen comparable circumstances.
4.2 Breach Notification
Within 48 hours of learning of a breach at the service level, Vryno will notify both its clients and the relevant authorities.
