Miscellaneous Security Policy
Effective date: October 1, 2018
Vanco Technologies ("us", "we", or "our") operates the vancotech.com website and the Merlin mobile application (the "Service").
This page informs you of our policies regarding the security of our systems, data, information and processes.
Risk Assessment, Mitigation & Monitoring Policies
Vanco Technologies will conduct regular and systematic risk assessments to identify, evaluate, and document information security risks. We will utilize standardized risk assessment methodologies to ensure consistent and thorough evaluations.
We have implemented appropriate risk treatment plans to mitigate identified risks to acceptable levels. We prioritize risk treatments based on their potential impact and likelihood and allocate resources accordingly.
We continuously monitor and review risks and the effectiveness of risk treatments. We establish key risk indicators and conduct regular audits to ensure ongoing risk management effectiveness.
Incident Response and Management
Vanco Technologies develops and maintains an incident response plan to address information security incidents promptly for each of the client engagements and each of the software solutions. We ensure the plan includes procedures for detection, reporting, response, recovery, and post-incident analysis.
Employee Awareness and Training
Vanco Technologies provides regular information security training and awareness programs for all employees. We tailor training to the specific roles and responsibilities of employees and include updates on new threats and best practices.
Access Control
Vanco Technologies implements strict access control measures to protect sensitive information. Data access is controlled by the principle of least privilege. The data access mechanism is always based on two-factor authentication.
Data Protection and Privacy
Vanco Technologies ensures the confidentiality, integrity, and availability of sensitive data. We utilize encryption, data masking, and other data protection techniques to safeguard information.
Third-Party Risk Management
Vanco Technologies will assess and manage risks associated with third-party vendors and partners. This includes setting security requirements in contracts and conducting regular security assessments of third parties.
Compliance and Legal Requirements
Vanco Technologies adheres to all relevant legal, regulatory, and industry-specific information security requirements. We will stay informed of changes in regulations and ensure compliance through regular audits and assessments.
Continuous Improvement
Vanco Technologies fosters a culture of continuous improvement in information security risk management practices. We encourage feedback, conduct regular reviews, and adapt policies and procedures to evolving threats and technologies.
Information Classification
Vanco Technologies classifies all information assets according to their level of sensitivity and criticality. We define clear classification categories (e.g., Public, Internal, Confidential, and Restricted) and provide criteria for assigning information to these categories. We ensure that the classification is periodically reviewed and updated.
Information Handling
Vanco Technologies establishes procedures for each classification level to ensure appropriate protection throughout the information lifecycle. We define specific handling requirements for storage, transmission, access, and disposal of information based on its classification. We implement technical and administrative controls, such as encryption for Confidential and Restricted information, to safeguard sensitive data.
Mobile Device Policy
Ensure all mobile devices accessing organizational data meet specific security standards. Require devices to have strong passwords or biometric authentication, enable device encryption, and ensure that operating systems and applications are kept up-to-date with the latest security patches.
Define acceptable use and access controls for mobile devices to protect organizational data. Implement policies restricting access to sensitive data based on user roles, enforce the use of secure connections (e.g., VPNs) for remote access, and prohibit the installation of unauthorized applications.
Establish procedures for responding to lost, stolen, or compromised mobile devices. Require immediate reporting of lost or stolen devices, implement remote wipe capabilities to erase organizational data, and regularly review and update incident response plans to address mobile device threats.
Inventory Management
Maintain a comprehensive and up-to-date inventory of all software and hardware assets, both physical and virtual. Document detailed information for each asset, including ownership, location, configuration, lifecycle status, and any associated licenses. Use asset management tools to automate and streamline inventory tracking and updates.
We have defined procedures for procurement, deployment, maintenance, and decommissioning of assets. We ensure the secure disposal of hardware assets, including data wiping and physical destruction when necessary, and manage software licenses to avoid compliance issues.
We have established strict access control and usage policies for software and hardware assets to protect organizational resources. We assign access rights based on user roles and responsibilities, enforce the use of approved hardware and software only, and regularly audit asset usage to ensure compliance with organizational policies and licensing agreements.
Threat and Vulnerability Management
Vanco Technologies conducts regular threat and vulnerability assessments to identify potential security weaknesses. We schedule frequent scans and assessments using automated tools and manual methods. We prioritize and document identified threats and vulnerabilities, and ensure they are evaluated for potential impact on the organization.
Vanco Technologies implements a robust patch management process to promptly address identified vulnerabilities. We have procedures for the timely application of security patches and updates to all software and hardware. We prioritize remediation efforts based on the severity of vulnerabilities and the criticality of affected systems. We monitor and verify the effectiveness of applied patches. We have subscribed to threat intelligence feeds.
Access Control Management
Vanco Technologies enforces strict access control and authentication measures for all privileged accounts. We have implemented multi-factor authentication (MFA) for accessing privileged accounts. We ensure that privileged access is granted based on the principle of least privilege, limiting access to only what is necessary for the user's role. We regularly review and adjust access permissions to reflect current roles and responsibilities. We continuously monitor and audit the use of privileged accounts to detect and respond to any unauthorized or suspicious activities.
We have deployed logging and monitoring tools to track all activities performed using privileged accounts. We conduct regular audits of privileged account usage, review logs for unusual or unauthorized actions, and respond promptly to any identified issues. We maintain detailed records of all access and changes made using privileged accounts.
We have procedures in place for the creation, maintenance, and deactivation of privileged accounts. We ensure that accounts are created with unique, strong passwords and are deactivated promptly when no longer needed or when an employee leaves the organization. We regularly review and update privileged account credentials to minimize the risk of compromise.
Password Management
Vanco Technologies follows certain password standards, which all of its users must follow.
Passwords expire every 90 days and must then be changed by their users.
Passwords must be a combination of characters, numbers, and special characters, with a mix of upper- and lower-case characters, and have a length between 8 and 15.
Each user is responsible for maintaining their own passwords. Passwords cannot be shared with anyone else. Passwords should not be written on paper.
Each organization using the software solution by Vanco Technologies is responsible for managing the accounts of its employees.
Organizations are responsible for informing Vanco Technologies to deactivate their employee accounts as soon as those employees are no longer part of their organization / business unit.
System Configuration Policy
Vanco Technologies maintains security baselines for all system configurations to ensure consistent and secure deployment of hardware and software. We have baseline configurations for different types of systems, including operating systems, applications, and network devices. Baselines include settings for system services, user permissions, and security controls. We regularly review and update baselines to incorporate the latest security patches and best practices.
Vanco Technologies implements system hardening measures and continuously enforces compliance with established security baselines.
System Monitoring
Vanco Technologies has implemented comprehensive logging to capture and retain logs of all critical system activities and security events. We ensure that logs capture key events such as user access, changes to system configurations, application errors, and security incidents. Logs include relevant details such as timestamps, user IDs, and the nature of the activity.
We monitor logs and system activities to detect and respond to security incidents. We have set up automated alerting mechanisms to notify security personnel of potential incidents. We regularly review monitoring configurations to ensure they are effective at identifying threats and adapt them as new threats emerge.
Anti-virus Management
Vanco Technologies has deployed anti-virus and anti-malware software on all endpoint devices and ensures regular updates to maintain protection against the latest threats. We have installed reputable anti-virus and anti-malware solutions on all desktops, laptops, servers, and mobile devices. We have configured the anti-virus tools to receive automatic updates and signature files from their respective vendors to ensure they can detect and mitigate the latest threats. We regularly verify that all systems are running the latest versions and updates of the anti-virus software.
We have enabled real-time scanning to monitor and protect against threats continuously and conduct periodic full-system scans to identify any hidden malware. We have configured anti-virus and anti-malware software to perform real-time scanning of all files and activities, ensuring immediate detection and response to any potential threats.
Data Encryption
Vanco Technologies encrypts all sensitive data using AES-256 to ensure confidentiality and protection against unauthorized access. We have implemented AES-256 encryption for data at rest and in transit across all systems and applications handling sensitive information. We ensure that encryption keys are generated, stored, and managed securely, following best practices for key management. We regularly audit encryption processes to verify compliance and effectiveness.
We establish robust key management practices and regularly rotate encryption keys to maintain data security. We utilize a secure key management system to handle the generation, distribution, storage, and destruction of AES-256 encryption keys. We implement key rotation policies to periodically change encryption keys, minimizing the risk of key compromise. We ensure that key rotation does not disrupt business operations and that old keys are securely archived or destroyed. We regularly review and update key management practices to align with the latest security standards and regulations.
All encryption keys must be changed every 90 days. Keys must be random characters of length 2048.
Business Continuity and Disaster Recovery Management
Vanco Technologies conducts regular Business Impact Analysis (BIA) and risk assessments to identify critical business functions, potential threats, and vulnerabilities. We assess the potential impact of disruptions on business operations, prioritize critical systems and processes for recovery, and identify recovery time objectives (RTO) and recovery point objectives (RPO).
Vanco Technologies has a robust Disaster Recovery Plan (DRP) that outlines procedures for responding to and recovering from disruptive incidents. We have defined roles and responsibilities for personnel during a disaster, established communication protocols, and documented step-by-step procedures for data backup, system recovery, and continuity of operations. We update the plan regularly based on lessons learned from testing and actual incidents.
Change Management
Any emergency changes required in the application should be classified, and a retrospective review should be conducted within a couple of weeks through the Change Management process to enhance control and oversight of urgent modifications.
Remote Access Management
Vanco Technologies has implemented strong authentication and authorization mechanisms for remote access to organizational resources. We require multi-factor authentication (MFA) for all remote access connections to verify the identity of users. We use secure protocols such as TLS/SSL for data encryption during transmission. We grant remote access privileges based on the principle of least privilege, ensuring users only have access to the resources necessary for their roles.
Vanco Technologies monitors and logs all remote access activities to detect and respond to unauthorized or suspicious access attempts. We regularly review remote access logs to identify and investigate any suspicious activities promptly.
European Union GDPR Compliance
Vanco Technologies has GDPR compliance policies in place for any of its Europe-based customers. All the policies which are required to be compliant shall be implemented.
Contact Us
If you have any questions about this Privacy Policy, please contact us:
By visiting this page on our website: vancotech.com