Virtual Technologies Group, LLC. Information Security Statement
Effective date: October 5th, 2023
Our security program is supported by management
Virtual Technologies Group, LLC. (“VTG”) understands that it’s customers trust us as a managed services provider (MSP), in order to maintain the trust and confidentiality of our customers, our team is committed to securing our infrastructure from both known and unknown threats. VTG follows guidelines based on the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”) and SOC 2 standards. The program is supported by management and maintains oversight of our infrastructure.
Data security starts with infrastructure
VTG assets are protected by a well known Managed Endpoint and Response vendor 24/7. We operate out of Geo-Redundant Co-location Data Centers that are audited to the SOC 2 standard, as well as Microsoft Azure Cloud. Sensitive information is protected by TLS while in transit, and AES encryption at rest.
Only limited VTG employees have access to our data centers, and access is enforced via biometric authentication for access.
We care about user information
Only secure protocols are used to access systems with user information, protecting that data while in transit. Host based access is limited to least privilege and tracked via our ticketing and change management systems. Activity is monitored triggering alerts on suspicious behavior and server configuration integrity changes.
Personnel are qualified and trained
All personnel must complete yearly security awareness training and are continuously tested throughout the year.
Our user onboarding process requires all new employees to complete basic cybersecurity training, background checks, and are assigned least privilege access. Only upon role requirement are users upgraded following their initial training.
Managing vulnerabilities intentionally
New code is automatically scanned for security vulnerabilities.
VTG performs regular internal and third-party external infrastructure scans and code base scans, evaluates the identified vulnerabilities, and prioritizes remediation according to risk.
Workstations are managed and have endpoint protection utilities. Patching is configured with rollout policies on a regular basis, our security team monitors CISA and other industry standard feeds for known exploitation events and attempts to protect both our assets and our customers.
Vendor Risk Assessments
VTG conducts risk assessment on vendors and third parties before using their products or services. Data privacy clauses are evaluated and are an important control to assessing our risk. Assessment is repeated annually.