Introduction
We are dedicated to building a secure platform. From the moment your data enters our system through its storage and transit phases, every process is defined and controlled by procedures aligned with our standards. This includes everything from data encryption and access control to regular audits, ensuring we maintain the highest level of security.
Certifications
ISO 27001
Highly secure and trustworthy environment
The security program at Vention is meticulously built on the framework of the ISO 27001 standard, a globally recognized guideline for managing information security. This comprehensive standard is a rulebook we strictly follow to ensure a secure platform.
Adherence to the ISO 27001 standard allows us to offer a highly secure and trustworthy environment.
The scope encompasses all Vention processes and resources which are used to create, deliver, and maintain the Vention Online Platform. This includes MachineScope, MachineBuilder, MachineLogic, MachineCloud, MachinePortal, and MachineApps.
NIST 800-171
Ensuring the safety and confidentiality of U.S. Federal data
The National Institute of Standards and Technology (NIST) Special Publication 800-171 is an important set of guidelines that aims to ensure the safety and confidentiality of sensitive U.S. Federal data.
Adherence to NIST 800-171 allows us to serve clients who store, process, or transmit CUI for U.S. Federal projects and who are required to only use vendors with mature Information Security programs.
The scope encompasses all Vention processes and resources with are used to create, deliver, and maintain the Vention Online Platform. This includes MachineScope, MachineBuilder, MachineLogic, MachineCloud, MachinePortal, and MachineApps.
Controls
Secure by Design: The Vention platform is developed following a secure software development lifecycle (SDLC) process that complies with ISO 27001 standards. The process integrates security considerations and controls at every development and deployment stage, thereby ensuring a robust security posture from the ground up. This approach maintains the integrity and confidentiality of your data at all times.
Data Encryption: Customer data is secured using industry-standard encryption both in transit and at rest. This means that your designs and data are protected with robust encryption methods when they are being transmitted to and from the Vention platform, as well as when they are stored on our systems.
For encryption in transit, we use TLS 1.2 & TLS 1.3 and A-rated ciphers. For MachineCloud, we build a web of trust between Vention’s devices and the cloud by using a secure, private PKI with RSA 2048-bit keypairs on both the server and client.
Strict Access Controls: Access to data on the Vention platform is strictly controlled based on the principle of least privilege. Administrator access to our systems is tightly controlled using restricted federated logins, bastion hosts, and 24/7 monitoring with a centralized logging system.
Multi-Factor Authentication: We provide our customers with multi-factor authentication options for additional layers of security during sign-in. This helps protect your account even if someone learns your password. Multi-factor authentication is also required for all of the Vention employee's corporate logins.
Automated Backups: The Vention platform has automated backup mechanisms, ensuring your valuable work is not lost. Your data is always safe with us.
Secure Data Centers: We only leverage trusted cloud providers such as Amazon Web Services (AWS) to host our servers. These providers maintain world-class data centerswith robust physical and digital security measures, including 24/7 surveillance,biometric access controls, and redundant power supplies to ensure secure and constant access to your data.
Regular Security Updates: We conduct routine security updates and patch management to keep Vention’s platform security measures up-to-date with the latest threat landscape, reducing vulnerabilities and maintaining the integrity of your data.
Penetration Testing: To ensure the highest level of security, we regularly perform penetration testing on Vention’s platform. This proactive approach allows us to identify and rectify potential vulnerabilities before they can be exploited.
Privacy Compliance: The Vention platform fully complies with required privacy regulations like GDPR, The Quebec Privacy Act, etc. We are committed to upholding your privacy rights and maintaining the confidentiality of your data. For more information, or if you would like to submit a DSR, contact privacy@vention.cc.
Security Awareness and Training: The Vention team is trained in cybersecurity best practices and is kept up-to-date with the latest security threats and defence mechanisms. This ensures the human element of our operation remains vigilant and effective against potential cyber threats.
Cybersecurity Roadmap
IOXT
Vention believes open standards and transparency are the key to success in security. ioXt is the emerging industry leader in certifying the security of loT devices. With the launch of MachineCloud, Vention’s MachineMotion controllers become capable of cloud connectivity, and it is imperative that we follow industry best practices in securing them.
CAIQ
In the spirit of transparency, we plan to make certain details of the Vention security program publicly available using the industry standard Consensus Assessments Initiative Questionnaire (CAIQ). This will allow our customers with advanced security requirements a rapid turnaround time, as your security teams will already have access to our completed security questionnaires.
Report a Security Incident
If you are a security researcher who would like to report an issue on Vention’s website, please contact bugs@vention.cc. Learn more about Vention Vulnerability Disclosure Policy.