1. Security Program
Versotis maintains a risk-based security program with governance ownership, control accountability, and periodic review. Security responsibilities are integrated into operational and delivery processes.
2. Identity and Access
- Least-privilege and role-based access principles are applied.
- Access requests, approvals, and revocations follow documented workflows.
- Administrative access is restricted and monitored.
- Authentication controls are strengthened with multi-factor mechanisms where supported.
3. Data Protection
- Encryption in transit is applied for modern web traffic and service integrations.
- Data minimization and purpose limitation are embedded in processing design.
- Retention and deletion controls are aligned with contractual and legal obligations.
- Sensitive data handling follows classification and restricted-access rules.
4. Network and Endpoint Security
We apply layered security measures such as segmentation, hardened configurations, endpoint protection controls, and patch management processes to reduce exposure.
5. Secure Development
- Security requirements are incorporated into design and implementation phases.
- Code and dependency risk checks are performed as part of delivery workflows.
- Identified issues are triaged and remediated based on risk severity.
6. Vendor and Supply Chain
Third-party providers are assessed according to service criticality and data risk. Contracts include security and privacy obligations appropriate to the processing context.
7. Logging and Monitoring
We maintain operational and security telemetry to support threat detection, investigation, and service reliability analysis.
8. Incident Response
We maintain incident response procedures covering detection, containment, eradication, recovery, and post-incident review. Notification handling is aligned with applicable contractual and legal obligations, including PDPA and GDPR contexts where applicable.
9. Continuity and Recovery
Continuity planning includes backup strategy, recovery workflows, and service restoration priorities proportionate to operational requirements.
10. Vulnerability Disclosure
If you identify a potential security issue, please report it responsibly to contact@versotis.com with sufficient detail to reproduce. We request good-faith testing and coordinated disclosure.
11. Assurance and Review
Security controls and policies are reviewed periodically and adapted to evolving threats, legal requirements, and customer risk expectations.
12. Security Contact
For security inquiries or disclosure reports, contact contact@versotis.com.
13. Changelog
- 2026-05-28 (v1.0): Initial public release of Security Overview.
This page provides a high-level overview and does not replace contractual security schedules or detailed control attestations.