Customer Trust

It’s one of our CORE values. We value it above all else. That’s why the security and integrity of our customers’ data are critically important to us here at Vena. In fact, we believe that a strong security program begins with the culture of our company. All of our employees are part of our culture of security. They understand that security and risk awareness are essential elements of our security framework. Our organization-wide commitment to security is why we employ best-of-breed technologies and stringent operational processes described on this page to help ensure that customer data is safe at all times.

SOC Audits

Vena has successfully completed SOC 1 & SOC 2 Type II audits which were performed by Deloitte LLP. The examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA).

AICPA Service Organization Control Reports Logo

SOC 1
A SOC 1 report documents a cloud service provider’s internal controls that may be relevant to a customer’s financial reporting. This report is available to Vena customers upon request.

SOC 2
The SOC 2 is a report based on the AICPA’s existing Trust Services Criteria (TSC). For SOC 2, the scope of assessment covers Vena’s information systems relevant to security. This report is available to Vena customers upon request.

SOC 3
The SOC 3 is a public report of internal controls over security. This report is available here on Vena’s Trust webpage.

Download the SOC 3 Report


Trusted Cloud Provider

Cloud Security Alliance Trusted Cloud Provider badge

Vena is a Trusted Cloud Provider Member with the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. This strategic partnership aims to foster collaborative cybersecurity efforts, enhance data protection and promote a secure ecosystem—underscoring Vena’s unwavering commitment to safeguarding its customers’ data.

As a Trusted Cloud Provider with CSA, Vena reinforces its dedication to the security of its cloud-based corporate performance management software—which is trusted by leading organizations worldwide.

Vena Security Overview

Our commitment to security is why we employ best-of-breed technologies and stringent operational processes to help ensure that customer data is safe at all times. Vena delivers Software as a Service (SaaS) with targeted security measures for all types of planning, budgeting, reporting and forecasting data sources. Vena maintains a number of procedures to comply with privacy (e.g. PIPEDA) and personal data protection (e.g. GDPR) obligations in the applicable jurisdictions. From a product standpoint, data handling standards are communicated to employees and Vena follows security by design principles to help ensure compliance with data protection requirements. 

Security Fundamentals

Vena’s security highlights include:

  • System and Organization Controls (SOC) 1 and SOC 2 reports
  • A strong Secure Software Development Lifecycle (SDLC)
  • Zero trust security architecture
  • AES 256-bit encryption of all customer data managed using Amazon’s FIPS 140-2 validated Key Management System (KMS)
  • SAML 2.0 Single Sign-On and IP restriction functionality
  • Customer data isolation
  • Multi-factor authentication
  • Secure data transfers—all data is transmitted over HTTPS using TLS1.2 or stronger encryption

Download Vena’s Security Whitepaper

 

Data Center Security

Vena operates only in AWS data centers that have been certified as ISO 27001, PCI/DSS Service Provider Level 1, and that achieve authorization from the U.S. General Services Administration to operate at the FISMA Moderate level. These data centers are also a certified platform for applications with Authority to Operate (ATOs) under the Defense Information Assurance Certification and Accreditation Program (DIACAP). Data centers are strategically located across the globe with physical locations in North America (Virginia, Oregon and Quebec) and Europe (Ireland). Physical security measures such as biometric access controls, 24-hour guard force and video surveillance are used to ensure that no unauthorized access is permitted. For more information related to AWS security and compliance measures, please visit Amazon's security and compliance pages at https://aws.amazon.com/security and https://aws.amazon.com/compliance.

Data Backup and Disaster Recovery

Nightly backups of customer data are performed and stored on the Amazon Simple Storage Service (S3) at multiple data centers. At all times, current customer data is stored redundantly in AWS. In the event of a disaster recovery scenario, data is restored through snapshots from Amazon’s Web Services.

Privacy and Data Protection

Vena delivers Software as a Service (SaaS) with targeted security measures for all types of planning, budgeting, reporting and forecasting data sources. Vena invests in privacy and data protection compliance. Vena maintains a number of procedures to help secure our networks, hardware, applications, procured services and most importantly, our customers’ data. Our security framework and the supporting technical controls we operate are aligned to industry best practices to help ensure compliance with applicable data protection requirements. In addition, data handling standards are communicated to employees and Vena follows security by design principles to help ensure compliance with data protection requirements.

Supporting Our Customers’ Ongoing Needs

At Vena, we understand that end-to-end security is fundamental to our customers’ ability to entrust our services with their sensitive data. We remain committed to upholding a transparent security, privacy and data protection program that is efficient at scale and supports our customers’ ongoing needs.

Questions?

At Vena, the security and integrity of our customers’ data are critically important. That’s why best-of-breed technologies and stringent operational processes are employed to ensure that customer data is safe at all times. Data protection controls are continuously reviewed and updated as the security and regulatory landscape continues to change. Vena is committed to a transparent security program that is efficient at scale and supports our customers’ ongoing needs. For any further information, please contact us at: securityoffice@venacorp.com.