Security
Our Commitment to Security
Vendavo is fully committed to providing highly secure commercial excellence solutions for your enterprise.
With over 25 years of experience supplying enterprise software to some of the largest companies worldwide, we recognize the critical importance of security, compliance, and privacy in today’s digital landscape. Vendavo has built its Information Security Management System (ISMS) to adhere to the highest industry standards, ensuring comprehensive protection through modern SaaS DevSecOps best practices and continuous improvement of our security measures.
Security
Cloud Security. Vendavo utilizes the top cloud providers with N+1 redundancy and broad range of audits and certifications. There is 24x7x365 managed physical and infrastructure security and strict access control measures. We apply HA architecture principles and align our deployment model with the provider recommended best practices. Customer data are regularly backed up and tested for restorability and our business continuity program is aligned with the international standard ISO 22301.
Portfolio Security. Vendavo adopts industry standard SaaS secure software lifecycle practices, including security design and code reviews, static and dynamic testing, vulnerability scanning and independent penetration tests. We apply stringent security measures including robust and widely recognized standards for encryption at rest and in transit, customer data segmentation controls in multi-tenant applications, and fine-grained and customizable RBAC/ABAC. User access supports SSO integration with customer identity management systems.
Operational Security. Customer workloads, critical company infrastructure and employee computers are protected by robust EDR/XDR solution with 24x7x365 Security Operations oversight. Vendavo applies system and infrastructure hardening procedures, network segmentation, perimeter defense including DDoS protection via firewalls, load balancers, and WAFs. We run regular internal and external vulnerability scans and implemented systematic patch management program. Privileged access entitlement is limited to key Operational personnel, subject to senior management approval and regularly reviewed.
Governance, Risk and Compliance. Our ISMS is built on top of international standard ISO 27001, we pass ISO and SOC 1, SOC 2 and SOC 3 Type II audits. We have aligned our practices with Cloud Security Alliance standards and published CAIQ self-assessment questionnaire. Our Security & Compliance Department drives the company ISMS, facilitates Risk Management program and oversees compliance across the company through regular internal audits and compliance reviews. Chaired by the CISO, Vendavo Security & Compliance Council, comprising from SLT members and key stakeholders from Customer Operations, IT, Legal, and Finance oversees the security program and key risks on bimonthly basis. Formal awareness program is in place for all employees and contractors with access to company systems and we run simulated adaptive phishing training.
Certifications and Compliance
- ISO 27001:2013 — Vendavo maintains certification to the international standard to manage information security.
- SOC 1 Type 2 Report — Vendavo conducts semi-annual audits to ensure controls over financial reporting.
- SOC 2 Type 2 Report — Vendavo conducts semi-annual audits to ensure control and management of customer data, covering the Security, Availability, Confidentiality and Processing Integrity Trust Services Criteria.
- SOC 3 –The SOC3 report, which is based on the SOC2 examination, is issued annually and available for download. Customers who would like a copy of the Vendavo SOC 1 and/or SOC 2 reports, please contact your Customer Success Manager or Vendavo Support.
- TISAX Level 2 – Vendavo has certified information security controls appropriate for the automotive industry
- CSA Security, Trust & Assurance Registry (STAR) — Vendavo has published our completed CSA Consensus Assessments Initiative Questionnaire (CAIQ) self-assessment in the CSA STAR Registry to document best practice compliance.
- Privacy – Vendavo enables your compliance with leading global privacy regulations, including EU & UK GDPR, and California CPRA, ensuring that your data is handled with the utmost care and in accordance with strict legal requirements.
