In this article, we cover:
-
Best Practices: Protocols & Policies
-
Monitoring & Logging
-
Data Transfer & Networking
-
Data Storage, Access & Protections
-
Data Backups & Disaster Recovery
-
FAQs
-
Integrations / Certificates
-
Other Resources
At Visor, we believe that the cornerstone of trust is security. We work tirelessly to maintain that trust with our world-class systems and processes. As such, we have put in place the following procedures:
Best Practices: Protocols & Policies
Security is not just engineering. It’s maintaining strict procedures and reviews too.
- Full review of major initiatives by Visor Security Council (“VSC”) for threat assessment and security evaluation semi-annually
- Quarterly internal audit of systems and processes by Visor Security Council for security vulnerabilities and best practices
- Notification of known breaches to appropriate parties within 24 hours
Monitoring & Logging
Our operations team constantly monitors the health and security of our servers.
- Daily monitoring of system health and scanning of security vulnerabilities, both manual and automated
- Detailed access logs of every data transfer for monitoring and audit, and automated alerts around anomalous or root access
- Quarterly review of security monitoring procedures by VSC
Data Transfer & Networking
How our data travels: Encryption. Always.
- Industry-standard SSL encrypted communication for authentication and data communication with all servers
- Minimal data transfer by optimizing local data storage on customers’ machines
- Virtual Private Cloud configuration creates firewalls around our systems
Data Storage, Access & Protections
Who has access and what they see.
- We limit access to all systems and data on an as-needed basis
- All employees and contractors undergo strict vetting and are obligated not to disclose any customer data they may come into contact with
- Tight access controls and permissions, quarterly review by VSC
- Broad system-level permissions hierarchy, and granular data-level authorization tagging built-in
- All customer data stored in an encrypted data warehouse with anonymous key relationships
- All analytic data stored in an encrypted data warehouse without any personally identifiable information
Data Backups & Disaster Recovery
Data loss is not an option.
- Customer data is 100% backed up to online replicas
- Our operations team monitors platform and application behavior for anomaly detection
- All services are configured in automatic scaling groups that scale up to meet peak demand
- We will proactively notify you of any customer-impacting situation
FAQs
More info on our dedicated FAQs page:
Integrations / Certificates
Atlassian Security Self Assessment - Our Security Self Assessment was accepted on 10/19/21 by the Atlassian Marketplace.
We also delivered Updated Privacy & Security details to Atlassian on 9/7/23.
Other Resources
For more details on the sections from this document:
How we go about patching security vulnerabilities that are discovered in our application:
Outlines how we recover from a security incident should one arise:
Outlines how we make changes to Visor in a secure fashion: