Security

Security is paramount to Vurbalize's customers and to Vurbalize. Security at Vurbalize has multiple facets. Here are all the ways in which we keep security front and center in everything we do.

Penetration Testing

Vurbalize conducts thorough system checks at least once a year with industry-leading cybersecurity. Our product and cloud systems are fully open for these examinations, with the testers having access to our source code for optimal results. We make summaries of these penetration tests available in our Trust Report.

Vulnerability Scanning

Vurbalize performs vulnerability checks at crucial stages in our Secure Development Lifecycle (SDLC):

• Static analysis of code during code reviews and continuously
• Analysis of our software for known vulnerabilities
• Scanning to prevent malware in our software
• Dynamic testing of active applications
• Regular network vulnerability scanning
• Continuous monitoring of new assets that are externally facing

Enterprise Security Device Protection

Vurbalize keeps all company devices under control with mobile device management software and malware protection. We consistently monitor device security alerts. We ensure devices are set up securely, such as disk encryption, screen lock configuration, and software updates.

Vendor Security

Vurbalize evaluates vendors based on risk, considering factors such as:

• Access to customer and company data
• Integration with production environments
• Potential harm to Vurbalize's reputation

Once we identify the inherent risk, we assess the vendor's security to decide on approval.

Secure Remote Access

Vurbalize uses secure remote access to internal resources, and use malware-blocking DNS servers to protect employees and their devices while online.

Security Training

Vurbalize offers all employees robust security training, both during onboarding and annually. This training includes a mandatory live session on key security principles for all new hires. In addition, new engineers are trained in secure coding practices. Our security team regularly updates employees on threats requiring attention or action.

Identity and Access Management

Vurbalize uses Google to manage identities and access. Access to applications is based on an employee's role and is automatically revoked upon employment termination. Any additional access requires approval as per app-specific policies.

Data Privacy

Vurbalize prioritizes data privacy and aims to responsibly manage all sensitive data.

Regulatory Compliance

Vurbalize is SOC 2 compliant and continually reviews updates to regulations and evolving frameworks to refine our program.