VisibleThread Cloud Security Statement
Last updated - Jan 2016
Note: This article applies to VisibleThread cloud hosted solutions. VisibleThread products are also available as on-premise solutions. For more details on deployment options see here: https://support.visiblethread.com/hc/en-us/articles/214225686
VisibleThread is committed to protecting your information. We take the measures outlined below to ensure the privacy of your data for both our document analysis product ‘VisibleThread Docs’ and our web content analysis product ‘VisibleThread Web’. The rest of this document covers security elements for both product lines.
This policy applies to the following VisibleThread products:
- VisibleThread Docs - on demand
- VisibleThread Web - on demand (aka Clarity Grader)
Data Center Security
The VisibleThread cloud servers are hosted by Rackspace (NYSE) www.rackspace.com. These servers are located in the continental USA. Rackspace have been awarded the ISO 27001, PCI-DSS , ISAE 3402, SSAE16 Type II SOC1, SOC2 and SOC3 certifications. They provide comprehensive physical and operational security procedures to secure access to our servers.
All communication between the user and the VisibleThread cloud server is encrypted over SSL/HTTPS. Any attempt to connect over HTTP is redirected to HTTPS.
Your VisibleThread password is protected by encryption. Once a user has successfully authenticated with the server, a secure cookie is used to identify that user for the lifetime of the session.
All customer data on our cloud servers is treated as confidential. Each account or sandbox on the VisibleThread servers operates in isolation. Your data is private to you and other users in your sandbox. No data, or user credentials are shared between sandboxes.
The VisibleThread cloud servers operate behind a firewall designed to prevent unwanted intrusion.
Console access to the servers is restricted via IP and secure certificates.
All VisibleThread cloud servers are actively scanned with up to date anti-virus scanners.
Our cloud servers are backed up on a daily basis. Backups are transferred offsite over secure SSH.
Secure Development Best Practices
The VisibleThread application development teams follows many OWASP (https://www.owasp.org ) secure coding guidelines and run regular Vulnerability and Intrusion Detection Scans on the VisibleThread test servers.