Data Security and Privacy
What personal information is stored
The VTEvents system is capable of storing a range of personal information, from name and address details, through to date-of-birth, dietary requirements, skills & qualifications you may have (specific to each customer), and more, depending on what a customer & their staff choose to enter, their needs and operational requirements.
Much of this information is of a personal and confidential nature, and should be treated as such, with appropriate access controls utilised to restrict who can view in-depth information, in addition to the general reports which are available.
How customer data is stored
Customer data is stored in a database in Sydney, Australia in an encrypted, redundant and backed-up manner.
Uploaded files and documents are also stored in an encrypted & redundant manner (copies are stored in multiple locations).
How customer data is used
It's up to each customer as to what they would like to enter & store on VTEvents, how they would like to then use that information & what reports they would like to utilise, in order to run their business.
We recognise each business & user is different, and try to make it easy to report on the information entered, whilst maintaining a balance between business needs & personal privacy. In many instances, this means that access to some information is restricted to those with certain access levels & permissions, or limited to people with the need for it, e.g. giving access to emergency contact information to people in charge of specific events.
Customer data is limited for use only by the customer themselves and by automated processes which maintain customer data (e.g. updating qualifications, sending expiry reminders, etc.), and each business has full control of & responsibility for their users & the permissions those users are assigned.
Measures taken to protect customer data
Wherever possible, we recommend and implement measures to improve and strengthen information security, and will continue to do so on an ongoing basis.
These include:
Recommendations & requirements on the use of strong passwords
MFA - Availability of 2-factor authentication for additional login security, as well as controls for which users must use MFA (multi-factor authentication) / 2FA (2-factor authentication), e.g. you can require all managers and admins to use multi-factor authentication.
Processes for account lockout (eg. when too many attempts to login are made)
In-depth permissions & access controls
Simplifying management of permissions utilising permission profiles, rather than person-by-person
From a technical standpoint:
All information is sent to & received from VTEvents in a secure manner, utilising SSL / HTTPS
Databases & backups are encrypted on the servers they’re stored on (more info on AWS RDS encryption)
Documents such as uploaded event photos, records, post-event documents/files, and documents uploaded to a person's records are stored in an encrypted manner (more info on AWS S3 encryption)
A web application firewall is in use (more info on Amazon WAF) as one of many layers of security which are implemented
The VTEvents platform is routinely updated with additions, new features, changes to address any security risks, and in response to any issues (however small or large) which may have been encountered. These are done in a seamless way which generally will go completely unnoticed, without any disruption or pause to your work - we strive to ensure you can get on with your work and do what you do best.
What backups & redundancy are implemented to minimise disruptions?
There are a number of things which have been implemented to minimise disruptions:
Redundant servers in different physical locations
Documents uploaded are saved across multiple physical locations to increase resilience.
Utilising Amazon Web Services for hosting the VTEvents platform leverages industry experts to manage & maintain the underlying infrastructure
Regular database backups are performed
Software updates are designed to be seamless, without any disruption or pause to your work
Where is our information and data physically stored?
All data and files are stored in Sydney, Australia.
What access, modification logs and auditing are available?
Modification logs are kept for any changes which are made in the platform, allowing your users, staff and administrators to look back over the history of changes to see who has done what, and when.
Email and SMS communication is also logged & stored for a period of time, allowing easy access to see what was sent to whom & when, which has proved itself invaluable in ensuring the right people are sent the right information, and at the right time. This includes email communications to clients, and staff/volunteers alike.
Access logs are also kept when client and staff/volunteer information is accessed, allowing staff and admins to quickly ascertain who has accessed information, and when.
How do you ensure compliance with any relevant legislation and regulations?
To the best of our knowledge, VTEvents complies with the laws and regulations of Victoria, Australia, with appropriate actions being taken as these evolve and change in the future.