SECURITY POLICY

Last Updated: July 24, 2025

PURPOSE

vlt technology inc. ("vlt") is committed to safeguarding the confidentiality, integrity, and availability of our systems, data, and user information. This Security Policy outlines the organizational, technical, and operational controls we implement to manage information security risks in compliance with applicable laws and best practices.

SCOPE

This policy applies to all employees, contractors, vendors, and partners who interact with vlt's systems, networks, or data—whether on-premises, remote, or cloud-based.


1. CORE PRINCIPLES

  • Confidentiality: We protect sensitive information from unauthorized access or disclosure.
  • Integrity: We ensure systems and data are accurate, complete, and unaltered by unauthorized actors.
  • Availability: We ensure authorized users have reliable access to information and systems when needed.
  • Accountability: Access is tracked and attributable to a single responsible individual.

2. SECURITY CONTROLS

2.1 ACCESS CONTROL

  • Role-based access is enforced via least privilege.
  • All users receive unique credentials.
  • MFA (Multi-Factor Authentication) is required for high-risk systems.

2.2 AUTHENTICATION

  • Passwords must be complex and rotated periodically.
  • One-time passwords and encryption are used where appropriate.
  • Shared credentials are strictly prohibited.

2.3 DATA CLASSIFICATION & HANDLING

  • Information is classified as Public, Internal, Confidential, or Restricted.
  • Protected data is stored and transmitted only via approved secure systems.
  • Data retention follows predefined policies with automated purging where applicable.

2.4 NETWORK & INFRASTRUCTURE SECURITY

  • All traffic is encrypted (TLS 1.2+).
  • Cloud and on-prem infrastructure is segmented and hardened.
  • Regular vulnerability scans and automated patch management are performed.

2.5 MONITORING & LOGGING

  • Security events are logged and monitored continuously.
  • Anomalies are flagged for real-time alerting and triaged by our engineering team.
  • Audit logs are retained per compliance requirements.

3. INCIDENT RESPONSE

  • vlt maintains an Incident Response Plan covering:
    • Detection
    • Containment
    • Eradication
    • Recovery
    • Post-mortem review
  • All incidents are reported to our designated Security Officer within 24 hours.

4. BUSINESS CONTINUITY & DISASTER RECOVERY

  • Daily offsite and cloud backups are maintained.
  • Disaster Recovery plans are tested annually.
  • Critical systems have point-in-time recovery (PITR) of 30 days.

5. ENDPOINT & DEVICE SECURITY

  • All company-managed devices use full disk encryption.
  • Remote wipe is enabled on all company-managed mobile devices and laptops.

6. PHYSICAL SECURITY

  • Office access is badge-controlled.
  • Visitors must be escorted and logged.

7. THIRD-PARTY RISK MANAGEMENT

  • All vendors handling sensitive data must sign NDAs and pass security reviews.
  • Service providers must meet or exceed our security standards.
  • Contracts include data handling, breach notification, and termination clauses.

8. SECURITY AWARENESS

  • All team members undergo annual security training.
  • Engineers receive role-specific secure coding training.

9. COMPLIANCE

  • vlt adheres to applicable regulations (e.g. PIPEDA, GDPR, CCPA).
  • Internal policies are reviewed and updated annually.
  • Non-compliance may result in disciplinary action, up to and including termination.

QUESTIONS OR CONCERNS?

Please contact our Security Officer for questions, incident reporting, or clarification.