Security Practices
Security Practices
Providing you with data security is a high priority of Provectus. We put a wide range of security measures and maintain policies and procedures to comply with required data security standards, and we continue to take all the necessary measures to improve our information security level to ensure the safety and privacy of your data.
If we do detect something risky that we think you should know about, we’ll notify you and help guide you through steps to stay better protected.
The security measures we have in place are designed to protect against unauthorized access, alteration, disclosure or destruction of the information we hold, including:
- We use Advanced Encryption to scramble sensitive information while it is in transit;
- We use multi-factor authentication and Single sign-on (SSO) authorization, as the access control mechanisms to make sure users have appropriate access to data;
- We conduct a cyber security education for personnel to give the knowledge they need to protect confidential information from cyber criminals and data breach;
- We provide personnel security requires extensive employee and contractor background checks and strictly enforced confidentiality agreements;
- We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems;
- We take care of protecting your business with Cyber liability insurance that provides a combination of coverage options to help protect the company from data breaches and other cyber security issues;
- We maintain Annual third-party vulnerability and penetration tests, as well as security audit to study of an information system and seeking potential security weaknesses;
- We keep your data locked down at every level, and we take multiple measures to ensure it stays that way;
- We developed a disaster recovery plan to be able to recover quickly the date we hold in the event of power outages, cyber attacks and any other disruptive events.
Provectus does not sell, share, or trade any customer data. Your information and your company’s information are not for sale and never will be. Access to customer data is restricted to individuals who require that information to fulfill their job duties. We only hire individuals of the highest integrity.
- System and Organization Controls (SOC) 2 Type 1 (see Provectus SOC 2 Type 1 attestation report)
- System and Organization Controls (SOC) 2 Type 2 (see Provectus SOC 2 Type 2 attestation report)
As assessed by Johanson Group LLP, Provectus IT, Inc. is SOC 2 compliant. The company’s service commitments and system requirements meet the trust services criteria relevant to security (applicable trust services criteria) set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).
