Security

The security of your data and earning your trust is core to VICTVS culture, processes and everything we build.

1.       Data encryption in transit and at rest

VICTVS V3 supports the latest recommended secure cipher suites and protocols to encrypt data in transit.  Customer data is encrypted at rest.

We work hard to maintain best practices for encryption and disable support for older encryption standards that are no longer considered strong.  This is one reason that we drop support for older browsers. 

2.       Data centre security

VICTVS V3 and your data is hosted on servers provided by Microsoft Azure, Sub6 and Clook Internet, a UK-based Infrastructure as a Service (IaaS) and hosting provider.  Sub6 take physical and network security seriously.  Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. 

Sub6 and Clook maintain multiple certifications for its data centres, including (at the date of this agreement) ISO 27001 compliance, PCI Certification, and SOC reports.

3.       Access control

You choose who to invite to your VICTVS V3 account and the permissions they have.  On rare occasions, it may be that we can better assist in investigating a problem you are having with VICTVS V3 if we can access some part of your data in readable form.  We always ask your permission before taking this action and the process requires authorisation and co-ordination across multiple personal and security layers internally.

4.       Internal controls

We have strict internal policies and processes to keep our team and their equipment safe, to protect our assets, and to limit access to sensitive systems and infrastructure to key staff on a needs-only basis.

5.       Backup and availability

Our systems automatically replicate your data across multiple locations in real-time to maximize availability.  Data is also constantly backed up to ensure we can restore access to your data and the service in the unlikely event that the data replicas in all locations fail at once.  Our monitoring alerts us to any trouble and we have staff on-call 24/7 to resolve unexpected incidents.

6.       Updates and external review

We update VICTVS V3 most days and if you access VICTVS V3 via your browser you’re always on the latest version.  If you are using the VICTVS V3 mobile app, please ensure that you have set the app to automatically apply updates as we release them through the Apple App Store or Google Play.  This will help to ensure that you are using the most secure version of the app.  We monitor security advisories and other security community output closely.  We work promptly to upgrade the service to respond to potential new threats and vulnerabilities as they are discovered.  We work with certified independent specialists on a regular basis to undertake systems penetration testing and source code reviews.

7.       Concerns or want to contact us?

For concerns that are urgent or sensitive, please email us at support@victvs.co.uk