VinciWorks is committed to the highest cyber-security and data protection standards in all of its products. We have published guidance on the EU GDPR and a new cyber security course will be released next month.
Below are a number of updates and feature enhancements that ensure strict levels of information security.
New security feature – force password reset
Administrators can now enforce a stricter password policy across the organisation. If users were using generic or simple passwords, administrators can now force password reset on next login. To activate this feature contact your VinciWorks representative.
Penetration test complete
As a part of a periodic security tests routine, VinciWorks regularly performs penetration tests by independent security companies who conduct both a grey-box and black-box review. The goal of these tests is to simulate external invasion to VinciWorks infrastructure and application levels, in order to examine the soundness of the existing security and defense methods and to locate weaknesses in the communication, application, database and operating system levels that are available to potential attackers.
The latest test was completed in May 2016.
Results
Our system has been found to meet the security criteria recommended by the OWASP and WASC methodologies. Based on the results of testing and verification we can confirm that there are no high, medium, or low open vulnerabilities at this time.
Committed to high security standards
The SSL signature algorithm we use on the RMS and the LMS is SHA256withRSA, which is a published standard that has been reviewed and accepted by the cryptology community. We have disabled weaker standards such as SSL 3 and we use HTTP Strict Transport Security (HSTS) to force clients to use the highest encryption standards. Our SSL connection scores A+ in an independent test by SSL Labs.
In addition, we take many security measures to ensure the integrity and confidentiality of the data. Click here to learn more about our commitment to security.