The Voyanta system has never been breached and we have never lost any customer data. We invest heavily to protect our customers’ sensitive financial information against unauthorized access and system failures, ensuring data is guarded to the highest level.
Voyanta is certified and audited to the ISO-27001 security standard. Our hosting and service delivery infrastructure ensures the highest level of security. This is supported by a world-class network, data and physical security environment. We continuously evaluate and reinforce our security policy and practices.
Our servers use Extended Validation SSL Certificates signed by Thawte, a leading global authority, to encrypt all data transferred between users and Voyanta. The encryption is the same as that used for Internet banking.
Only Voyanta users invited by administrative users within the customer organization have access to our customers’ data, and with selected levels of user permission allocated on an item by item level. Permissions can be removed from invited users at any time.
All users must choose a strong password and automatic lockouts are enforced when incorrect passwords are repeatedly entered. Sessions are automatically logged out after a period of inactivity.
Voyanta’s servers are hosted in multiple enterprise grade hosting facilities within the EU, with best practice infrastructure security procedures and policies, audited to meet a range of security standards including SOC 1 Type II.
External access to Voyanta servers is controlled by multiple layers of firewalls, intrusion protection systems and routers, which are configured and monitored according to industry best practice. The Voyanta database is protected behind multiple layers of security and is never directly accessible from outside the system.
Voyanta has been designed for high user availability, with redundancy built into every level of our application and infrastructure, including redundant power, network, application and web servers. Our service availability performance stands at 99.98% since launching the service.
The system has been carefully designed to cope with peaks of user activity. Automated systems monitor system load and launch additional server capacity as required to ensure that the system is able to support customer requests at all times. Further automated systems monitor system availability and key health metrics to ensure prompt and proactive intervention if required.
Customer data is backed up to multiple geographic locations along with logs to ensure that, in the unlikely event of failure, the system can be restored to any second in time in the preceding month.
Our security is reviewed regularly and audited by external specialists. This includes detailed system security audits including penetrative testing and automated server port security scanning by CREST accredited specialists, as well as ISO-27001 certification.