button

Customer Trust

It’s one of our CORE values. We value it above all else. That’s why the security and integrity of our customers’ data are critically important to us here at Vena. In fact, we believe that a strong security program begins with the culture of our company. All of our employees are part of our culture of security. They understand that security and risk awareness are essential elements of our security framework. Our organization-wide commitment to security is why we employ best-of-breed technologies and stringent operational processes described on this page to help ensure that customer data is safe at all times.

Vena’s Secure Platform

Vena's cloud solution offers our customers concrete benefits such as a superior user experience, more stable and manageable costs and, ultimately, higher productivity for your organization—all on a secure platform that’s always up to date. Data protection controls are regularly reviewed and updated as the security and regulatory landscape continues to evolve.

Security Fundamentals

Vena’s security fundamentals cover:

  • Zero trust security architecture
  • AES 256-bit encryption of all customer data managed using Amazon’s FIPS 140-2 validated Key Management System (KMS)
  • SAML 2.0 Single Sign-On and IP whitelisting
  • Customer data isolation
  • Multi-factor authentication
  • All customer data is transmitted over HTTPS using TLS1.2 encryption

 

Data Center Security

Vena operates only in Amazon Web Services (AWS) data centers that have been certified as ISO 27001, PCI/DSS Service Provider Level 1, and that achieve authorization from the U.S. General Services Administration to operate at the FISMA Moderate level. These data centers are also a certified platform for applications with Authority to Operate (ATOs) under the Defense Information Assurance Certification and Accreditation Program (DIACAP). Data centers are strategically located across the globe with physical locations in North America (Virginia, Oregon and Quebec) and Europe (Ireland). Physical security measures such as biometric access controls, 24-hour guard force and video surveillance are used by AWS to ensure that no unauthorized access is permitted to customer data or to the Vena services orchestrating it.  For more information related to AWS security and compliance measures, please visit Amazon's security and compliance pages at https://aws.amazon.com/security/ and https://aws.amazon.com/compliance/. 

Data Backup and Disaster Recovery

Nightly backups of customer data are performed and stored on the Amazon Simple Storage Service (S3) at multiple AWS regions. At all times, current customer data is stored redundantly in AWS. In the event of a disaster recovery scenario, data is restored through AWS snapshots.

Privacy and Data Protection

Vena delivers Software as a Service (SaaS) with targeted security measures for all types of planning, budgeting, reporting and forecasting data sources. Vena invests in privacy and data protection compliance. Vena maintains a number of procedures to help secure our networks, hardware, applications, procured services and most importantly, our customers’ data. Our security framework and the supporting technical controls we operate are aligned to industry best practices to help ensure compliance with applicable data protection requirements. In addition, data handling standards are communicated to employees and Vena follows security by design principles to help ensure compliance with data protection requirements.

Supporting Our Customers’ Ongoing Needs

At Vena, we understand that end-to-end security is fundamental  to our customers’ ability to entrust our services with their sensitive data. We remain committed to upholding a transparent security, privacy and data protection program that is efficient at scale and supports our customers’ ongoing needs.

Questions?

For any further information, please contact us at: securityoffice@venacorp.com.

Disclaimer - Changes to this Page

Our practices and procedures regarding Privacy and Data Security as described here reflect Vena's current production environment as of the publish date above, and may be revised from time to time.  We will update this page accordingly when this occurs.