Security at Vantage Circle

Introduction

The objective of information security is to provide management direction and support for information security in accordance with Vantage Circle’s business requirements and governing laws and regulations. Information security policies are approved by the management, published, and communicated to all employees and relevant external parties. These policies will set out Vantage Circle’s approach to managing information security and will align with relevant state-wide policies.

Information security will be coordinated across different parts of Vantage Circle with relevant roles and job functions. Information security responsibilities will be clearly defined and communicated. Security of Vantage Circle’s information assets and information technology that are accessed, processed, communicated to, or managed by external parties will be maintained.

Information security policies will be reviewed at planned intervals, annually or when significant changes occur, to ensure their continuing suitability, adequacy, and effectiveness. Each policy will have an owner who has approved management responsibility for the development, review, and evaluation of the policy. Reviews will include assessing opportunities for improvement of Vantage Circle’s information security policies and approach to managing information security in response to changes to Vantage Circle’s environment, new threats and risks, business circumstances, legal and policy implications, and technical environment.

GDPR

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don’t specifically market goods or services to EU residents.

The GDPR mandates that EU visitors be given a number of data disclosures. The site must also take steps to facilitate such EU consumer rights as a timely notification in the event of personal data being breached. Adopted in April 2016, the Regulation came into full effect in May 2018, after a two-year transition period.

GDPR at Vantage Circle

Vantage Circle is committed to the General Data Protection Regulation (GDPR), which came into effect on 25th May 2018. Vantage Circle products and services are GDPR ready, and a DPA provides our customers with the necessary documentation of this readiness. The Data Processing Agreement (“DPA”) is an addendum to the Customer Terms of Service (“Agreement”) between Bargain Technologies Pvt. Ltd. (Vantage Circle) and the Customer. The Customer enters into this DPA on behalf of itself and, to the extent required under Data Protection Laws, in the name and on behalf of its Authorized Affiliates.

ISO 27001:2013

Vantage Circle is ISO 27001:2013 certified and we are continuously committed to identifying threats, assessing all kinds of risks, and implementing controls that help us to comply with the best industry standards.

The goal of ISO 27001 is to protect the three aspects of information:

  • Confidentiality: Only valid authorized personnel can access the information.
  • Integrity: Only valid authorized personnel can change the information.
  • Availability: Information is accessible to authorized persons whenever it is needed.

Physical Security

The objective of physical and environmental security is to prevent unauthorized physical access, damage, theft, compromise, and interference to Vantage Circle’s information and facilities. Locations housing critical or sensitive information or information assets will be secured with appropriate security barriers and entry controls. They will be physically protected from unauthorized access, damage, and interference. Secure areas will be protected by appropriate security entry controls to ensure that only authorized personnel are allowed access. Security will be applied to off-site equipment. All equipment containing storage media will be checked to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal in compliance with statewide policies.

Vantage Circle is hosted on DigitalOcean (Cloud Service Provider) infrastructure. Employees at Vantage Circle do not have any physical access to the production servers. DigitalOcean provides its customers with the best physical security controls built to meet the requirements of the most security-sensitive organizations as per their declarations in Annex B – Security Measures.

Server Security

Password-based authentication is vulnerable to brute-force attacks, so it is disabled on our production servers. Instead, a public-private key pair is generated on the accessing machines and placed in the appropriate place on the servers. As such, the servers are accessible from these particular machines only. Also, database servers can be accessed only from application servers.

Access Control

Access to information, information systems, information processing facilities, and business processes will be controlled on the basis of business and security requirements. Formal procedures will be developed and implemented to control access rights to information, information systems, and services to prevent unauthorized access. Users will be made aware of their responsibilities for maintaining effective access controls, particularly regarding the use of passwords. Users will be made aware of their responsibilities to ensure unattended equipment has appropriate protection. A clear desk policy for papers and removable storage devices and a clear screen policy will be implemented, especially in work areas accessible by the public. Steps will be taken to restrict access to operating systems to authorized users. Protection will be required commensurate with the risks when using mobile computing and teleworking facilities.

  • Password access to all cloud servers will be disabled; access will be allowed only through digital certificates.
  • Digital certificates for production access will be changed from time to time.
  • The password for the Vantage Circle admin interface will be changed every 3 months.

Data Storage & Redundancy

Vantage Circle uses a managed MySQL database hosted at DigitalOcean data centers. As data is critical, DigitalOcean ensures that it is backed up automatically every day. Data can be restored to any point within the previous seven days.

Monitoring

Vantage Circle uses several monitoring services to make sure the servers and the environment are secure. The services alert us via email about any abnormalities in our servers.

Compliance

The design, operation, use, and management of information and information assets are subject to statutory, regulatory, and contractual security requirements. Compliance with legal requirements is necessary to avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements. Legal requirements include, but are not limited to: state statute, statewide and Vantage Circle policy, regulations, contractual agreements, intellectual property rights, copyrights, and protection and privacy of personal information.

Controls will be established to maximize the effectiveness of the information systems audit process. During the audit process, controls will safeguard operational systems and tools to protect the integrity of the information and prevent misuse.

Disclosure

At Vantage Circle, we are continually working towards making our system secure. If you find any issues or have any queries regarding our security, please write to us at support@vantagecircle.com. We will make sure it gets addressed.