Menu

Virtuozzo Information Security Policy

 

Virtuozzo maintains a comprehensive information security and compliance program that includes administrative, physical and technical controls based on ongoing risk assessment. Our information security policies and processes are based on broadly accepted international security standards and take into account the requirements of related local regulation frameworks such as Europe’s General Data Protection Regulation (GDPR).

Purpose
The purpose of this Policy is to safeguard information through fulfillment of the following principles:

  • Information will be protected against unauthorized access or misuse.
  • Confidentiality of information will be secured.
  • Integrity of information will be maintained.
  • Availability of information / information systems is maintained for service delivery.
  • Business continuity planning processes will be maintained.
  • Regulatory, contractual and legal requirements will be complied with.
  • Physical, logical, environmental and communications security will be maintained.
  • Infringement of this Policy may result in disciplinary action or criminal prosecution.
  • When information is no longer of use, it is disposed of in a suitable manner.
  • All information security incidents will be reported and investigated through the appropriate management channel.

Access Control
Virtuozzo uses an enterprise-wide access control policy to restrict access to information resources and data in accordance with official duties. Access provisioning is based on the “Need to Know” and “Least Privileges” principles. Internal access control procedures detect and prevent unauthorized access to Virtuozzo systems and information resources. When providing access, Virtuozzo uses centralized access control systems with secure mechanisms and authentication protocols (LDAP, Kerberos, SSH certificates), unique user IDs, strong passwords and limited control access lists to minimize the likelihood of unauthorized access.

Acceptable use of information systems
Use of the Company’s information systems by authorized users will be lawful, honest and decent and shall have regard to the rights and sensitivities of other people.

Data storage security
The disks and equipment on which the data storage and / or processing are carried out can be broken, switched out for repair or decommissioned. In these cases, Virtuozzo takes measures aimed at a complete erasure of data from disks and the removal of residual data from the internal memory of the equipment according to NIST SP 800-88rev1. In the event that it is not possible to erase (delete) such information, physical destruction of equipment is performed in a way that makes it impossible to read (restore) such data. Virtuozzo personnel are obligated to comply with Virtuozzo’s confidentiality policies. Virtuozzo pays special attention to the selection of personnel by conducting appropriate background verification checks on candidates for employment in accordance with applicable local laws, statutory regulations and ethics.

Information Security Policy performance evaluation and continual improvement
Virtuozzo continually monitors its Information Security Policy to detect and respond to new information security risks in a timely manner.

Back To Top