
Information Security at Vijilan

Our comprehensive security framework is built on the foundation of trust, transparency, and unwavering commitment to protecting our customers’ most critical assets.

Core Security Principles

Vijilan’s information security program is built upon the fundamental principles of the CIA triad, ensuring comprehensive protection of all information assets and customer data.

🔒 Confidentiality

Information is accessible only to authorized personnel who have a legitimate business need. We implement strict access controls, encryption, and data classification to ensure sensitive information remains protected.

🛡️ Integrity

Information can only be modified by authorized personnel through approved processes. We maintain data accuracy and completeness through comprehensive change management and audit controls.

⚡ Availability

Information and systems are available to personnel who require access when needed. We ensure business continuity through redundancy, disaster recovery, and robust infrastructure design.

Compliance and Certifications

Vijilan maintains compliance with industry-leading security standards and regulations, providing our customers with confidence in our security posture and operational excellence.

SOC 2 Type II

Independently audited security controls covering security, availability, processing integrity, confidentiality, and privacy.

ISO 27001

International standard for information security management systems (ISMS), demonstrating a systematic approach to security.

HIPAA Ready

Comprehensive controls and procedures to support healthcare organizations' HIPAA compliance requirements.

PCI DSS

Payment Card Industry Data Security Standard compliance for handling cardholder data securely.

GDPR Compliant

Full compliance with European General Data Protection Regulation for customer data privacy and protection.

CMMC Ready

Cybersecurity Maturity Model Certification readiness for supporting Department of Defense contractors.

Information Security Program Scope
Our comprehensive information security program applies to all aspects of our operations and extends to our entire ecosystem:
Organizational Scope

  • All Vijilan Employees: Every team member is responsible for protecting company and customer information assets
  • Third-Party Vendors: Contractors and service providers must meet our security standards and undergo security assessments
  • Customer Environments: Security controls extend to all customer data and systems under our management
  • Business Partners: Channel partners and technology integrators participate in our security ecosystem

Technical Scope

  • Information Systems: All systems operated by Vijilan or contracted with third parties
  • Cloud Infrastructure: AWS-hosted environments with comprehensive security controls
  • Customer Data: All information provided by or collected from customers
  • Network Infrastructure: Complete network security including perimeter and internal controls

Risk-Based Security Approach
Vijilan employs a systematic, risk-based approach to information security that enables us to prioritize resources and focus on the most critical threats to our operations and customer data.
Risk Assessment Process

  • Asset Identification: Comprehensive inventory of all information assets and their business value
  • Threat Analysis: Regular assessment of current and emerging threats to our environment
  • Vulnerability Assessment: Systematic identification of potential security weaknesses
  • Impact Analysis: Evaluation of potential business impact from security incidents
  • Risk Treatment: Implementation of appropriate controls based on risk levels

Security Awareness and Training
Human factors are often the weakest link in cybersecurity. Vijilan maintains a comprehensive security awareness program to ensure all personnel understand their role in protecting information assets.
Training Program Components

  • Annual Security Training: Mandatory online security awareness training for all employees
  • New Employee Onboarding: Security awareness sessions during the employee induction process
  • Role-Specific Training: Specialized training for employees with access to sensitive systems
  • Phishing Simulation: Regular simulated phishing exercises to test and improve awareness
  • Incident Response Training: Specialized training for security team members

Continuous Improvement
Security is not a destination but a journey. Vijilan is committed to continuously enhancing our security posture through systematic improvement processes.
Improvement Initiatives

  • Policy Enhancement: Regular review and update of security policies and procedures
  • Best Practice Alignment: Ongoing alignment with ISO/IEC 27001 and other industry standards
  • Proactive Security: Shift from reactive to proactive security measures
  • Measurable Security: Implementation of security metrics and KPIs for data-driven decisions
  • Technology Innovation: Adoption of emerging security technologies and methodologies

Legal and Contractual Compliance
Vijilan is committed to protecting sensitive information from unauthorized disclosure and ensuring compliance with all applicable legal and contractual requirements.
Regulatory Compliance

  • International Standards: Compliance with current international information security standards
  • Regional Regulations: Adherence to data protection laws in all jurisdictions where we operate
  • Industry Requirements: Compliance with sector-specific security requirements (healthcare, financial services, etc.)
  • Customer Contracts: Meeting all security obligations specified in customer agreements

Incident Response and Business Continuity
Vijilan maintains comprehensive incident response and business continuity capabilities to ensure minimal impact from security events and operational disruptions.
Incident Response Capabilities

  • 24×7 SOC: Round-the-clock security operations center with expert analysts
  • Automated Response: Advanced automation for rapid threat containment and remediation
  • Forensic Analysis: Digital forensics capabilities for incident investigation
  • Communication Plans: Structured communication procedures for stakeholder notification
  • Recovery Procedures: Comprehensive procedures for system and data recovery

Vendor Risk Management
Our supply chain security program ensures that third-party vendors meet our security standards and do not introduce additional risk to our operations or customer data.

Vendor Security Requirements

  • Security Assessments: Comprehensive security evaluations for all critical vendors
  • Contractual Obligations: Security requirements included in all vendor agreements
  • Ongoing Monitoring: Regular reassessment of vendor security posture
  • Incident Coordination: Procedures for managing security incidents involving vendors

Data Protection and Privacy

Customer data protection is at the core of our security program. We implement comprehensive controls to ensure customer information remains secure and private.
Data Protection Measures

  • Encryption: End-to-end encryption for data in transit and at rest
  • Access Controls: Strict role-based access controls with the principle of least privilege
  • Data Classification: Systematic classification and handling of sensitive information
  • Retention Policies: Clear data retention and disposal procedures
  • Privacy by Design: Privacy considerations integrated into all system designs

Security Enforcement

Vijilan maintains clear enforcement mechanisms to ensure compliance with security policies and procedures across the organization.
Enforcement Mechanisms

  • Policy Violations: Disciplinary action for employees who violate security policies
  • Access Reviews: Regular review of user access rights and privileges
  • Security Audits: Internal and external audits to verify compliance
  • Performance Metrics: Security performance indicators tied to employee evaluations

If you have questions about our information security program or need to report a security concern, please contact our security team:

Security Team: security@vijilan.com
Security Incidents: incident@vijilan.com
Compliance Questions: compliance@vijilan.com
Mailing Address:
Vijilan Security – Information Security Office
Aventura Onyx Tower
1010 S Federal Hwy Suite 1205
Aventura, FL 33180

Phone: 1-800-VIJILAN (1-800-845-4526)

For urgent security matters, please include “URGENT – Security Issue” in your subject line and call our 24×7 SOC at the number above.