VisTab takes data security incredibly seriously. We employ a range of measures to ensure confidentiality, integrity and availability as crucial parts of our service to you.
We store files and data securely at rest using AWS Simple Storage Service (S3) and RDS Key- based encryption.
Interaction data on our tablets is encrypted, and the devices are managed through a secure MDM system with strict security policies.
Sessions are authenticated using JSON Web Tokens (JWT). Our tablets use JWT Token based authentication with rotating keys.
Requests are routed through CloudFront which acts as a firewall.
You control how long your visitor sign in history is retained for. Please get in touch if you would like to setup a custom retention period.
If your account and subscription for VisTab is cancelled, 12 months after your notice period has ended (or sooner upon explicit request), an automated process will begin that permanently deletes your visitors, files and sign in history.
We make daily backups of our database, and additionally use an automated continuous backup system.
We can restore the instance to any second during our retention period, up to the latest restorable time (typically, the last five minutes).
The information is replicated to two separate servers to ensure high availability.
Your tablet will continue to operate in offline mode and it will sync all queued up data to our Web Portal once it is back online.
All passwords in our system must be at least 14 characters long. At client request we can enforce MFA for users based on their role.
All our team members are required to use Multi-factor Authentication where available.
All user passwords are securely salted and hashed before storage in an encrypted database on AWS. Our staff has no ability to retrieve the passwords. Passwords can only be reset and not retrieved.
Role-based administration allows our customers to provide the right access to specified team members on site-specific levels.
We follow the principle of least privilege with respect to identity and access management.
Access to cloud infrastructure and other sensitive tools are limited to authorised team members who require it for their role. Where available we have Single Sign-on (SSO), Multi-factor Authentication (MFA) and strong password policies to ensure access to cloud services are protected.
Our support team has access to the products and to customer data via controlled interfaces to provide effective customer support, troubleshoot potential problems, detect and respond to security incidents, and implement data security.
VisTab undergoes an external penetration test by an independent third party on an annual basis.
Our team members are required to complete employee security awareness training covering industry standard practices and information security topics such as phishing and password management.