Compliance

ISO/IEC 27001

The ISO/IEC 27000 family of standards helps organizations keep information assets secure. ISO/IEC 27001 is a security management standard that specifies security management best practices and comprehensive security controls. The certification requires development and implementation of a diligent security program, which includes the development and implementation of an Information Security Management System (ISMS) that defines how an organization such as Vtiger constantly manages security in a holistic, comprehensive manner.

To learn more about it, click here.

ISO/IEC 27701

ISO/IEC 27701 is an extension of ISO/IEC 27001, designed specifically for Privacy Information Management Systems (PIMS). It provides guidelines for establishing, implementing, maintaining, and continually improving a privacy framework within an organization's existing Information Security Management System (ISMS). This certification helps demonstrate Vtiger's compliance with global privacy regulations, including GDPR, CCPA, and other data protection laws, by ensuring:

  • Proper handling, processing, and safeguarding of Personally Identifiable Information (PII)
  • Robust privacy risk management policies
  • Clearly defined roles for data controllers and processors
  • Improved security measures for privacy-related data

By adopting ISO/IEC 27701, Vtiger strengthens its commitment to data privacy. This guarantees that customer and partner information is handled securely and aligned with global standards. To learn more about it, click here.

GDPR

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

Vtiger’s privacy-oriented features help customers adhere to and comply with the requirements of the law. Implementation guides can be found here.

To learn how we comply with GDPR, click here.

Infrastructure/Platform Compliance

Compliance of our infrastructure and platform providers.

Data Centers & Microservices Infrastructure

Vtiger Cloud utilizes Amazon Web Services (AWS), Oracle Cloud Infrastructure (OCI), and Microsoft Azure for primary infrastructure hosting. These cloud providers ensure high availability, security, and compliance with global standards.

  • Amazon Web Services (AWS): Maintains compliance with SOC 2, ISO 27001, PCI DSS, and more - Learn more
  • Oracle Cloud Infrastructure (OCI): Adheres to SOC 2, ISO 27001, FedRAMP, and other security standards - Learn more
  • Microsoft Azure: Implements multi-layered security and complies with SOC 2, ISO 27001, HIPAA, and more - Learn more

Microservices Infrastructure

Vtiger utilizes additional cloud providers for its microservices architecture to enhance scalability and performance, ensuring redundancy, resilience, and optimized workloads. These providers include:

  • Digital Ocean
  • OVH
  • Hetzner
  • Linode
  • Serverloft
  • Rackspace
  • Ramnode
  • Softlayer
  • Atlantic.Net

Each platform offers specialized hosting solutions, enabling Vtiger to deliver efficient, secure, and globally distributed services to its customers.

Payment Partner

Vtiger’s credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, Stripe uses best-in-class security tools and practices to maintain a high level of security at Stripe.