Viewup aims to help businesses and organizations to work together seamlessly and enjoy uninterrupted and secured meeting experience with their remote co-workers on various platforms like tablets, PCs, laptops, desktops and smartphones, irrespective of operating systems such as Android, iOS, Mac.
We believe that Security of Customer Data must have the highest priority. Viewup aims to ensure the appropriate Confidentiality, Integrity, Availability and Privacy practices are aligned with Industry standard best practices including ISO 27001 and AICPA Trust Service Principles.
We ensure that its security commitments are well documented and illustrated to user entities through our website, contract agreement, or in a service level agreement.
Our Security Compliance
Viewup has architected its platform having rigorous control processes, and the ability to effectively manage risk and avoid service outage. We know where every bit is essential when protecting our customers’ data, the focus of our Security Team is to identify and mitigate risks, implement best practices, and constantly develop ways to prevent unauthorized access to customer data. Formal IT policies and procedures exist that describe physical security, logical access, operations, change control, and data communication standards.
1. Access Control:
a. Viewup adheres to principles of least privilege and role-based permissions when provisioning access.
b. Viewup employs multi-factor authentication for all access to systems having highly classified data, including our production server which houses our customer data.
c. Strict Firewall rules restrict access to vulnerable ports to ensure secure and limited access to the production environment.
2. Login Security:
a. Each user can log in with a range of authentication methods including unique username and password with specific authorization and Single Sign-On (SSO) as controlled by the account administrator.
b. Password complexity is conformed to defined password standards and configuration.
Security by Design
Viewup understands the security risk associated with software changes introduced during the Secure Development Lifecycle. Our security team adheres to OWASP Top 10 to categorize risks as High, Medium or Low risk. All updates or changes to the production system be they code or system configuration changes, require review prior to deployment to the production environment.
Data both in transit and at rest, whether media streams in your video calls and meetings, recordings or instant messages, is encrypted with approved, secure AES 256-bit Encryption.
Network, Server & Endpoint Security
- Viewup utilizes Firewall & Intrusion Detection Systems in our corporate network to log, monitor and audit all system calls and has alerting in place and identifies potential intrusion.
- Development and Testing activities are hosted on a separate network from systems supporting Viewups’ production infrastructure.
- Viewup services such as Meeting, Chat, Screen Sharing, and Conference Room are hosted on an advanced data centre which adheres to the highest industry standards of quality, security and reliability.
- Access to data, system utilities and program source code libraries are controlled and restricted to those authorized users who have legitimate business needs.
- Workstations are updated with latest monitoring software to report potential malware, unauthorized software and mobile storage devices.
Disaster Recovery and Business Continuity
Viewup has adopted and documented a Business continuity and Disaster Recovery plan to identify and reduce risks, limit the consequences of damaging incidents, and ensure the timely resumption of essential operations.
Incident Response and Data Breach
Viewup has established policies and procedures which guide users in identifying, reporting and mitigating failures which help them in responding to potential security incidents.
When security events are detected they are escalated to the respective response team, Response time to address the event is 2 hours. We make sure to notify the supervisory authority of Personal Data Breach within 72 hours of becoming aware of the breach.
Vulnerability Assessment and Penetration Testing
Vulnerability scans are performed at least quarterly on the environment to identify control gaps and vulnerabilities. Vulnerabilities found are resolved within a timeframe by our security team.
A third party performs a penetration testing annually to identify and exploit vulnerabilities identified within the environment.
Data Collection, Retention and Disposal
Viewup only collects and stores basic information under the user account profile which includes Name, Email address, and information related to browsing on behalf of the brand and use of our app.
Customer data is removed immediately upon deletion by the end user or upon expiration.
Viewup hard deletes all information from currently running production systems. Backups are destroyed within 15 days.
Viewup follows industry standards and advanced techniques for data destruction.
Viewup does not monitor your meetings or its content.
We never sell, or have any future intentions to sell your personal information.
Viewup complies with all applicable privacy laws, rules, and regulations in the jurisdictions in which it operates, including the GDPR and the CCPA.
We understand that Security and Protection of Customer Data is a critical responsibility we have to our customers and is an organization-wide security effort. We are committed to working with you across all of your security needs. Please contact us at below details if you have any questions or concerns.