Security update: penetration testing complete and new features

VinciWorks is committed to the highest cyber-security and data protection standards in all of its products. We have published guidance on the EU GDPR and a new cyber security course will be released next month.

Below are a number of updates and feature enhancements that ensure strict levels of information security.

New security feature – force password reset

Administrators can now enforce a stricter password policy across the organisation. If users were using generic or simple passwords, administrators can now force a password reset on next login. To activate this feature, contact your VinciWorks representative.

Penetration test complete

As part of its routine periodic security testing, VinciWorks regularly commissions penetration tests from independent security companies, who conduct both grey-box and black-box reviews. The goal of these tests is to simulate an external intrusion at the VinciWorks infrastructure and application levels, in order to examine the soundness of the existing security and defense methods and to locate weaknesses at the communication, application, database and operating system levels that are available to potential attackers.

The latest test was completed in May 2016.

Results

Our system has been found to meet the security criteria recommended by the OWASP and WASC methodologies. Based on the results of testing and verification we can confirm that there are no high, medium, or low open vulnerabilities at this time.

Committed to high security standards

The SSL signature algorithm we use on the RMS and the LMS is SHA256withRSA, which is a published standard that has been reviewed and accepted by the cryptology community. We have disabled weaker standards such as SSL 3 and we use HTTP Strict Transport Security (HSTS) to force clients to connect over HTTPS only. Our SSL connection scores A+ in an independent test by SSL Labs.

In addition, we take many security measures to ensure the integrity and confidentiality of the data.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
