Help Center Home

VisibleThread -
Help Center Find helpful articles on different VisibleThread Products

  1. VisibleThread Help Center
  2. VT Docs
  3. VT Docs - Documentation
Follow

VisibleThread Cloud Security Policy

VisibleThread Cloud Security Statement

Note: This article applies to VisibleThread cloud hosted solutions. VisibleThread products are also available as on-premise solutions. For more details on deployment options see here: https://support.visiblethread.com/hc/en-us/articles/214225686

 

Overview

VisibleThread (VT) is committed to protecting your information. We take the measures outlined below to ensure the privacy of your data for our products including; ‘VT Docs’, 'VT Writer' and 'VT Insights'. The rest of this document covers security elements for these product lines.

Applicability

This policy applies to the following VisibleThread products:

  • VT Docs - on demand
  • VT Writer - on demand
  • VT Insights - on demand

 

Hosting

VisibleThread Cloud servers are hosted in North Virginia  USA by AWS.

Secure Communication

All communication between the user and the VisibleThread cloud server is encrypted over SSL/HTTPS. Any attempt to connect over HTTP is redirected to HTTPS.

Password Encryption

Your VisibleThread password is protected by encryption. Once a user has successfully authenticated with the server, a secure cookie is used to identify that user for the lifetime of the session.

Account Isolation

All customer data on our cloud servers is treated as confidential. Each account or sandbox on the VisibleThread servers operates in isolation. Your data is private to you and other users in your sandbox. No data, or user credentials are shared between sandboxes.

Data Submitted for Analysis

Subscribers to our products may upload documents or specify webpages for analysis. Or they may use our Services to analyze plain text.

If Subscribers upload documents or text that contains personal information, then Subscribers are solely responsible for the correct handling of that personal information.

We will not share, sell or exchange any data submitted for analysis to any 3rd party. To avoid doubt, this includes any documents, web pages or text that you upload.

Our internal technical support team may occasionally review this data. But only with the express purpose of resolving customer issues or to diagnose potential product issues.

Intrusion Prevention

The VisibleThread cloud servers operate behind a firewall designed to prevent unwanted intrusion.

Console access to the servers is restricted via IP and secure certificates.

Anti-Virus

All VisibleThread cloud servers are actively scanned with up to date anti-virus scanners.

Backups

Our cloud servers are backed up on a daily basis. Backups are transferred offsite over secure SSH.

Secure Development Best Practices

The VisibleThread application development teams follows many OWASP (https://www.owasp.org ) secure coding guidelines and run regular Vulnerability and Intrusion Detection Scans on the VisibleThread test servers.

Secure Coding

VisibleThread follows the OWASP secure development guidelines. We mandate usage of secure development libraries/patterns to prevent common attack vectors e.g. injection(DB, javascript), CSRF, XSS. We scan our software with SonarQube and Tenable.io for vulnerabilities, and we conduct 3rd party penetration tests at least annually.

Was this article helpful?
0 out of 0 found this helpful

Get Additional Help

Visit our Helpdesk for additional help and support.