VXG follows best practices in Information Security (IS). All the software is developed internally and services are provided by VXG employees. All employees are in Ontario, Canada. VXG maintains internal IS policies and documentation such as:
VXG Data Protection Policy.
VXG Information Security Policy.
VXG Software Development Guidelines.
The documents are available upon request. VXG conducts periodic reviews of IS and training for its employees.
Remote access
VXG provides managed services for the Cloud VMS deployed on customers’ infrastructure. The is granted and fully controlled by a customer.
In the case of AWS deployments, it is managed by IAM (Identity and Access Management). Each VXG employee will have their own credentials and every access will be logged in the system.
In the case of AWS, we recommend creating a brand new account and adding it to your organization at AWS. VXG will only have access to this isolated account dedicated to Cloud VMS.
Data transfer
All off-premises network protocols are TLS encrypted:
WSS (Web Socket Secure),
RTMPS (Real-Time Messaging Protocol Secure)
WebRTC (Web Real-Time Communication)
HTTPS (Hypertext Transfer Protocol Secure)
Data security
Optionally, the cloud storage can be encrypted – a feature provided by the cloud storage providers.
VXG uses AWS that meets high industry standards for data security, disaster recovery, physical and privacy, including ISO 27001, SSAE16/ISAE 3402 Type II: SOC 2, and SSAE16/ISAE 3402 Type II: SOC 3 certifications. See AWS Cloud Security for more information.
Penetration tests
The platform has passed a professional penetration test. The test was carried out as a grey box penetration test.
Methodology.
We ensure to use only current technologies, tools and follow best practices for penetration testing. Additionally, all work is done completely independently to ensure the best quality is reached and a deep security assessment is done. All tests are guided and inspired by the OWASP Testing Guide and Open Source Security Testing Methodology Manual (OSSTMM) to reach the highest standards.
Tools
The list of tools is available upon request.