Understanding Security and Privacy at Vasion
Managing our customer data is more than just a responsibility to be met; it’s something our company is truly passionate about. We believe our customers’ trust is something that must be earned every day. To achieve that, we do more than just follow policies and checkboxes: we instill awareness and best practices in our culture so that security and data privacy are top of mind when designing our application, managing our networks, and conducting daily business operations.
Certifications
ISO 27001:2022
Vasion’s Print SaaS solution has gone through the extensive process of becoming ISO-compliant to better meet our customers’ business, legal, and regulatory requirements. As a globally recognized security program, maintaining an ISO certification shows a commitment to executing high-quality security practices and improving our security posture through defined processes and documentation. Mitigate risk to your data and rest assured your data is safe with us.
An AWS Well-Architected Partner
Audited and certified by AWS, Vasion Print exhibits expertise in building innovative solutions, implementing airtight security practices, and making constant improvements to fit the current and future needs of your business. Our centralized, direct IP printing solution leverages the AWS Well-Architected framework to adapt to your ever-growing security needs and power your business’s mission-critical infrastructure.
SOC 2 Type 2 Compliant Solution
Discover more about our security monitoring in the Vasion Trust Center.
How Vasion Solutions Protect Your Data
Physical Security
Vasion is exclusively hosted on AWS, which provides robust physical data center security and environmental controls. Vasion’s corporate offices all require badge access for entry, maintain video surveillance, and require all visitors to sign in and be accompanied when present.
Network Security
Vasion controls access to our production networks through strictly defined rules, SSO, multi-factor authentication, and encrypted connections. We also utilize intrusion detection systems in our production network.
Application Security
Vasion employs both internal and external testing of our product. We regularly scan source code and systems for vulnerabilities and perform necessary patching and updates based on those results. Bi-annually, Vasion employs an outside firm to test the security of our SaaS offering.
Training and Awareness
Vasion requires all employees and contractors to sign a confidentiality agreement prior to commencement. Security awareness training is conducted year-round including bi-annually for the engineering teams and during the onboarding process for new hires. Vasion publicizes security alerts on our website to educate our customers.
Backup and Disaster Recovery
Vasion utilizes geographically separate environments to ensure data availability and uptime. In the unlikely event of simultaneous failure of those environments, Vasion maintains daily backups which are used to restore production in a different region.
Data Protection
Vasion encrypts data in transit via TLS 1.2 and at rest with AES 256 on our servers utilizing recognized encryption protocols.
Vasion Security FAQ
How does Vasion comply with global privacy laws, and in particular, the General Data Protection Regulation or GDPR?
At Vasion, we have aligned our policies and practices with the General Data Protection Regulation (GDPR). Vasion complies with GDPR and helps its customers comply with GDPR through the mechanisms below:
Are there appropriate safeguards?
Per Article 32 of the GDPR, we have in place appropriate technical and organizational measures (TOMs) to keep your data secure. These TOMs are included in our data processing addendum. Vasion uses the most up-to-date Standard Contractual Clauses (Module 2) as our data processing addendum. All data is securely stored in Amazon Web Services.
How do you honor Data Subject Rights?
We have processes in place to honor data subject requests. Vasion will export, correct, or delete contact data upon request by the customer. If we receive a request directly from a data subject, we will work with the customer to honor the request.
Does Vasion have a dedicated security team?
At Vasion, we consider every single employee to be a member of the security team, and are dedicated to keeping all of our data as well as all of our customers’ data secure. That said, we do have a dedicated security team, including a Director of DevOps and Security.
Do Vasion systems undergo regular penetration testing?
Yes. Vasion undergoes annual application penetration tests conducted by nationally recognized firms.
Does Vasion use any third parties in the process of providing services to customers?
Yes, Vasion uses AWS as a managed services provider.
How often does Vasion conduct vulnerability scans?
Vasion continuously scans and monitors our production environment to detect possible intrusion and performs static and dynamic code analysis on a regular basis.
How can I report a security issue?
You can contact us via chat or email us at security@vasion.com.
Who at Vasion will have access to customer data?
Only employees who need to access data in order to help perform the services will access customer data.
Can a customer delete their data from Vasion or get their data out of Vasion?
Absolutely. Data can be deleted or we can deliver all data collected and stored on behalf of a customer to that customer.
Where is customer data hosted?
Vasion is a SaaS platform that is 100% cloud-based in Amazon Web Services. We do not operate our own physical servers, routers, load balancers, or DNS servers. All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network. Vasion hosts data in geographic regions (EMEA, APAC, etc.) to satisfy compliance concerns.
Is customer data encrypted?
Whether data is being transferred or stored, all customer data is secured with the latest encryption algorithms and technologies.
How is customer data encrypted at rest?
At rest, all data lives within our Amazon Web Services (AWS) infrastructure. Resting data is encrypted using AWS-provided technologies, which use a symmetric AES-GCM encryption algorithm with 256-bit encryption keys. Encryption keys are stored separately from encrypted data using AWS’ Key Management System (KMS).
How is customer data encrypted during transit?
During transit, either externally or internally between Vasion services, data is encrypted using TLS 1.2 to ensure data protection at all times. Vasion SSL certificates are issued through AWS, and when Vasion sends data to third-party systems, the data is encrypted.
Is customer data backed up? Does Vasion have a disaster recovery plan?
Vasion utilizes geographically separate environments to ensure data availability and uptime. Vasion also maintains daily backups that are stored in AWS failover regions. In the unlikely event of simultaneous failure of both environments, Vasion can easily move to that failover region.
Who owns the data that customers collect and store through Vasion?
The customer owns all the data they have entered and stored using Vasion.
Does Vasion use customer data for purposes other than performing the services?
Vasion does not use personal data collected on behalf of a customer for any purpose other than to perform the services.
What types of personal data do customers collect and store through Vasion?
Vasion stores print job metadata and basic customer PII that includes username, name, email and IP address. This is used to provide our customers with usage reports and to conduct in-application NPS surveys.
Does Vasion sell data collected or stored on behalf of its customers?
No, Vasion will never sell customer data.
Does Vasion have any security certifications?
Yes. Vasion is ISO 27001:2013 certified.
Is Vasion a data controller or data processor?
With respect to the data collected and stored by our customers, the customer is the data controller, and Vasion is the data processor. We will enter into a Data Processing Agreement or DPA with any customer that requests one.
Does Vasion conduct due diligence around the data privacy and security practices of potential vendors, data processors and/or sub-processors?
Yes. Every new vendor must be vetted by the Legal and Security teams. This process includes completion of a detailed questionnaire, analysis of whether the vendor will have access to personal data, and security certifications.
Read More About Vasion Security
BLOG
PrinterLogic Achieves ISO 27001:2013 Certification
Find out how PrinterLogic’s ISO-compliant SaaS solution keeps you and your data protected.
WHITE PAPER
PrinterLogic SaaS Security: A Technical Overview
Get in-depth security and operational details about PrinterLogic SaaS.
ZERO TRUST
Zero Trust Printing with Vasion Print
See how Vasion Print gives you the features you need to embrace a Zero Trust Architecture.