loader star

The Wait is Over, New Features are LIVE! Output automation, Web Print, Mobile Scanning and more.

Learn More

Security and Privacy at Vasion

Vasion Print, a Vasion solution, is continually improving its security posture to ensure that its solutions are always secure. Exceed compliance standards and protect your sensitive data under a single, cloud-native print management platform.

Understanding Security and Privacy at Vasion

 

Managing our customer data is more than just a responsibility to be met, it’s something our company is truly passionate about. We believe our customer’s trust is something that must be earned every day. To achieve that, we do more than just follow policies and checkboxes, we instill awareness and best practices in our culture so that security and data privacy are top of mind when designing our application, managing our networks, and conducting daily business operations.

Certifications

ISO 27001:2022

Vasion’s Print SaaS solution has gone through the extensive process of becoming ISO-compliant to better meet our customers’ business, legal, and regulatory requirements. As a globally-recognized security program, maintaining an ISO certification shows a commitment to executing high-quality security practices and improving our security posture through defined processes and documentation. Mitigate risk to your data and rest assured your data is safe with us.

View Vasion’s ISO 27001:2022 certification →

Image

An AWS Well-Architected Partner

Audited and certified by AWS, Vasion Print exhibits expertise in building innovative solutions, implementing airtight security practices, and making constant improvements to fit the current and future needs of your business. Our centralized, direct IP printing solution leverages the AWS Well-Architected framework to adapt with your ever-growing security needs and power your business’s mission-critical infrastructure.

AWS partner

SOC 2 Type 2 Compliant Solution

In order to help you better protect your data, improve compliance with industry regulations, and increase customer trust, Vasion Print is now certified as a SOC 2 Type 2 compliant solution. This rigorous security protocol shows our commitment to keeping your confidential information safe via airtight internal control policies. Working with a SOC-compliant SaaS solution reduces the risk of lawsuits and financial loss by providing an extra layer of protection to you and your customers.

*SOC certification applies to Vasion Print’s SaaS solution

Picture Content (2)

Discover more about our security monitoring in the Vasion Trust Center.

Learn More

How Vasion Solutions Protect Your Data

Physical Security

Vasion is exclusively hosted on AWS who provides robust, physical data center security and environmental controls. Vasion’s corporate offices all require badge access for entry, maintain video surveillance, and require all visitors to sign in and be accompanied when present.

Network Security

Vasion controls access to our production networks through the use of strictly-defined rules and SSO and multi-factor authentication as well as encrypted connections. We also utilize intrusion detection systems in our production network.

Application Security

Vasion employs both internal and external testing of our product. We regularly scan source code and systems for vulnerabilities and perform necessary patching and updates based on those results. Bi-annually Vasion employs an outside firm to test the security of our SaaS offering.

Training and Awareness

Vasion requires all employees and contractors to sign a confidentiality agreement prior to commencement. Security awareness training is conducted year-round including bi-annually for the engineering teams and during the onboarding process for new hires. Vasion publicizes security alerts on our website to educate our customers.

Backup and Disaster Recovery

Vasion utilizes geographically separate environments to ensure data availability and uptime. In the unlikely event of simultaneous failure of those environments, Vasion maintains daily backups which are used to restore production in a different region.

Data Protection

Vasion encrypts data in transit via TLS 1.2 and at rest with AES 256 on our servers utilizing recognized encryption protocols.

Vasion Security FAQ

How does Vasion comply with global privacy laws, and in particular, the General Data Protection Regulation or GDPR?

down chevron

At Vasion, we have aligned our policies and practices with the General Data Protection Regulation (GDPR). Vasion complies with GDPR and helps its customers comply with GDPR through the mechanisms below

Are there appropriate safeguards?

down chevron

Per Article 32 of the GDPR, we have in place appropriate technical and organizational measures (TOMs) to keep your data secure. These TOMs are included in our data processing addendum. Vasion uses the most up to date Standard Contractual Clauses (Module 2) as our data processing addendum. All data is securely stored in Amazon Web Services.

How do you honor Data Subject Rights?

down chevron

We have processes in place to honor data subject requests. Vasion will export, correct, or delete contact data upon request by the customer. If we receive a request directly from a data subject, we will work with the customer to honor the request.

Does Vasion have a dedicated security team?

down chevron

At Vasion, we consider every single employee to be a member of the security team, and are dedicated to keeping all of our data as well as all of our customers’ data secure. That said, we do have a dedicated security team, including a Director of DevOps and Security.

Do Vasion systems undergo regular penetration testing?

down chevron

Yes. Vasion undergoes annual application penetration tests conducted by nationally recognized firms.

Does Vasion use any third parties in the process of providing services to customers?

down chevron

Yes, Vasion uses AWS, as a managed services provider.

How often does Vasion conduct vulnerability scans?

down chevron

Vasion continuously scans and monitors our production environment to detect possible intrusion and performs static and dynamic code analysis on a regular basis.

How can I report a security issue?

down chevron

You can contact us via chat or email us at security@vasion.com.

Who at Vasion will have access to customer data?

down chevron

 Only employees who need to access data in order to help perform the services will access customer data.

Can a customer delete their data from Vasion or get their data out of Vasion?

down chevron

Absolutely. Data can be deleted or we can deliver all data collected and stored on behalf of a customer to that customer.

Where is customer data hosted?

down chevron

Vasion is a SaaS platform that is 100% cloud-based in Amazon Web Services. We do not operate our own physical servers, routers, load balancers, or DNS servers. All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network. Vasion hosts data in geographic regions (EMEA, APAC, etc.) to satisfy compliance concerns.

Is customer data encrypted?

down chevron

Whether data is being transferred or stored, all customer data is secured with the latest encryption algorithms and technologies.

How is customer data encrypted at rest?

down chevron

At rest, all data lives within our Amazon Web Services (AWS) infrastructure. Resting data is encrypted using AWS-provided technologies, which use a symmetric AES-GCM encryption algorithm with 256-bit encryption keys. Encryption keys are stored separately from encrypted data using AWS’ Key Management System (KMS).

How is customer data encrypted during transit?

down chevron

During transit, either externally or internally between Vasion services, data is encrypted using TLS 1.2 to ensure data protection at all times. Vasion SSL certificates are issued through AWS, and when Vasion sends data to third-party systems data is encrypted.

Is customer data backed up? Does Vasion have a disaster recovery plan?

down chevron

Vasion utilizes geographically separate environments to ensure data availability and uptime. Vasion also maintains daily backups that are stored in AWS failover regions. In the unlikely event of simultaneous failure of both environments, Vasion can easily move to that failover region.

Who owns the data that customers collect and store through Vasion?

down chevron

The customer owns all the data they have entered and stored using Vasion.

Does Vasion use customer data for purposes other than performing the services?

down chevron

Vasion does not use personal data collected on behalf of a customer for any purpose other than to perform the services.

What types of personal data do customers collect and store through Vasion?

down chevron

Vasion stores print job metadata and basic customer PII that includes username, name, email and IP address. This is used to provide our customers with usage reports and to conduct in-application NPS surveys.

Does Vasion sell data collected or stored on behalf of its customers?

down chevron

No, Vasion will never sell customer data.

Does Vasion have any security certifications?

down chevron

Yes. Vasion is ISO 27001:2013 certified.

Is Vasion a data controller or data processor?

down chevron

With respect to the data collected and stored by our customers, the customer is the data controller, and Vasion is the data processor. We will enter into a Data Processing Agreement or DPA with any customer that requests one.

Does Vasion conduct due diligence around the data privacy and security practices of potential vendors, data processors and/or sub-processors?

down chevron

Yes. Every new vendor must be vetted by the Legal and Security teams. This process includes completion of a detailed questionnaire, analysis of whether the vendor will have access to personal data, and security certifications.