The Security of Your Work Is Our Top Priority
ISO/IEC 27001 Certification
One of the most widely accepted and recognized international standards for information security management, the ISO/IEC 27001 standard certifies that Vyond has the requisite information security controls in place to protect client data. The certification process includes a rigorous audit of Vyond’s information security management systems and controls and is awarded only to those companies that can meet the standard as judged by an independent, accredited team of auditors.
European Union General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a comprehensive regulation focused on the protection and free movement of individuals’ personal data. It requires companies handling such data to obtain informed consent before collecting it, to safeguard this information, and to ensure that any companies they share this information with follow the same standards. Companies must also be able to report on what personal data they have obtained and to return or destroy an individual’s information upon request. GoAnimate Inc., the company that operates Vyond, is compliant with the GDPR.
Hosting and Infrastructure
Vyond’s Software-as-a-Service (SaaS) solution is hosted on top-tier secure cloud services provided by Amazon Web Services (AWS). AWS is a secure, durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 (formerly referred to as SAS 70 and/or SSAE 16) and SOC 2 audit reports.
Your Payment Information Is Safe with Us
Vyond does not collect, accept, handle, process, receive, transmit, or store your payment card information electronically at all, and we solely utilize PCI DSS Level 1-compliant service providers for handling payment processing and subscriptions.
GoAnimate Inc., the company that operates Vyond, maintains a Certificate of Validation for PCI DSS for the electronic payment processing workflow. This certificate is available on request.
Penetration Tests and Monitoring
Vyond’s applications and our IT infrastructure undergo regular automated and manual vulnerability assessments by independent companies. This is done in addition to AWS’ own independent tests, periodic internal tests, and 24/7 monitoring of security-related events by dedicated teams.
The Vyond operations team maintains a monitoring dashboard and metrics associated with different service components. We also have proactive alerting controls for notification by different channels, subject to the significance of the event.
Third-party Vendor Management
Vyond maintains a comprehensive workflow for vendor security assessment and regular reviews. Prior to engaging a third-party vendor, the company’s management team and involved departments conduct a thorough review and subsequently investigate implications for information security. We closely review service agreements to ensure that potential avenues for misuse of customer information are identified early and eliminated. Once a vendor has been selected, we conduct regular reviews of their performance and information security.
Our team follows secure development methodologies with code reviews that incorporate automated quality assurance controls. Software components utilized in the Vyond platform undergo regular checks against published vulnerability databases to facilitate remediation planning. We also raise any security concerns during the planning and specification phase.
Our applications are deployed on AWS Virtual Private Cloud (VPC) on segregated logical networks, separate from those of other companies, with a small number of defined ingress and egress points to minimize the potential attack surface and facilitate security monitoring. Administrative access to servers on the network requires going through dedicated encrypted tunnels from authorized workplace networks. Only operations personnel are authorized to access the production network. Network firewalls use a deny-by-default configuration, and specific service ports are opened only for a valid business need.
User accounts are created only for those with a need-to-know clearance, and access is granted on a least-privilege basis. Upon staff departure, accounts are promptly disabled or removed.
Single Sign-On & Password Security
Using Office365 or Google Single Sign-On (SSO) with your Vyond account enables fast, easy logins, and improves online security.
For businesses with even stricter security policies, we offer locally administered SSO designed for direct integration with your corporate authentication service. For more information, contact our sales team.
For teams that don’t take advantage of either SSO option, Vyond Studio offers team administrators comprehensive password control features, including password complexity requirements, regularly enforced password changes, and disallowing the use of previously used passwords.
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed to provide guidance around data protection for companies engaging in transatlantic commerce. Similar to our commitment to GDPR, we respect your control over your own information and take the utmost care to ensure that all data we receive is subjected to the applicable principles of the Privacy Shield Framework. GoAnimate Inc., the company that operates Vyond, participates in and has certified compliance with both the EU-U.S. and the Swiss-U.S. Privacy Shield Framework.
To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov.