Security is paramount to Vurbalize's customers and to Vurbalize. Security at Vurbalize has multiple facets. Here are all the ways in which we keep security front and center in everything we do.
Vurbalize conducts thorough system checks at least once a year with industry-leading cybersecurity. Our product and cloud systems are fully open for these examinations, with the testers having access to our source code for optimal results. We make summaries of these penetration tests available in our Trust Report.
Vurbalize performs vulnerability checks at crucial stages in our Secure Development Lifecycle (SDLC):
Vurbalize keeps all company devices under control with mobile device management software and malware protection. We consistently monitor device security alerts. We ensure devices are set up securely, such as disk encryption, screen lock configuration, and software updates.
Vurbalize evaluates vendors based on risk, considering factors such as:
Once we identify the inherent risk, we assess the vendor's security to decide on approval.
Vurbalize uses secure remote access to internal resources, and use malware-blocking DNS servers to protect employees and their devices while online.
Vurbalize offers all employees robust security training, both during onboarding and annually. This training includes a mandatory live session on key security principles for all new hires. In addition, new engineers are trained in secure coding practices. Our security team regularly updates employees on threats requiring attention or action.
Vurbalize uses Google to manage identities and access. Access to applications is based on an employee's role and is automatically revoked upon employment termination. Any additional access requires approval as per app-specific policies.
Vurbalize prioritizes data privacy and aims to responsibly manage all sensitive data.
Vurbalize is SOC 2 compliant and continually reviews updates to regulations and evolving frameworks to refine our program.