Vinyl Security
Vinyl was built with security at its core.
Because when it comes to low-code application development, security and compliance are top of mind for IT and enterprise leaders everywhere. Here’s a look at all the ways security is fundamental to the Vinyl platform – and the work we do continuously to keep our customer data safe.
SOC 1 Type II and SOC 2 Type II Compliance
Vinyl is fully compliant with SOC 1 Type II and SOC 2 Type II validated via a Service Organization Controls (SOC) audit issued by the Association of International Certified Professional Accountants. SOC 1 and SOC 2 represent assurances on operational controls at a service organization. Vinyl holds an active SOC 1 Type II report and an SOC 2 Type II report.
Privacy Policy
The obligation to privacy and safeguarding data is taken seriously, and compliance with all applicable laws and regulations is ensured. Read our Privacy Policy Statement which applies to all information collected, managed, and controlled by Vinyl.
Network and Service Security
We maintain state-of-the-art security and monitoring with our networks and services, including:
- Active Monitoring
We continuously monitor all our services to ensure optimal service and uptime. Our Support Team is available to customers with an SOW agreement. - Disaster Recovery Plan
A current Disaster Recovery Plan (DRP) is maintained in the event of an emergency.
Platform Security
Our product team regularly performs audits and checks on the platform itself, in addition to running thorough QA and UAT testing with every Vinyl release. Some of these additional audits include:
- Penetration Testing
The Vinyl platform undergoes annual penetration testing which is performed by a third-party company. This testing helps us identify any weaknesses in our systems, network, and infrastructure. - Additional Security Testing
We have undergone the Service Organization Controls (SOC) audit. We leverage Veracode and SourceClear to help assess and maintain Vinyl’s security. - Veracode is used to scan and identify any static vulnerabilities
- SourceClear reviews libraries our technology use
Application Security
At the application level, Vinyl developers are responsible for implementing and maintaining the security measures and configuration. If required, we can work with our customers to develop compliant applications. The Vinyl platform, in combination with proper security measures, standards, and configuration, can be used to build apps that are compliant with HIPAA, PCI, and GxP.
Vinyl provides many different methods to implement and control application-level access and security. Examples of application security:
- Providers & Identities
Vinyl’s security model supports multiple, configurable security providers. Security providers handle user authentication to an application, data source authentication, connection-level security, and authorization policies. - Privileges & Permissions
Vinyl’s application security model is composed of Users, Groups, Privileges, Roles, and Permissions. Collectively these elements allow a developer to group and provision the right access to the right users. - Native Audit
Vinyl provides auditing capabilities out of the box and a simple method for developers to enable enhanced auditing if desired. This functionality provides a visual log to any changes made to each record.
Vinyl Security Overview
Vinyl promotes the rapid development of secure applications along with their ability to be quickly deployed in a secure environment. Native security features and configuration options available within the Vinyl platform enable developers to configure and secure their applications.
Information on Vinyl and security, including the Vinyl Security Overview guide, is documented and available on Vinyl Success Central.