Our policies are based on the following foundational principles:

01. Access is granted on a need-to-know basis, using the principle of least privilege.
02. Security controls are layered according to the principle of defense-in-depth.
03. Security controls are applied consistently across the enterprise.
04. Controls are continuously improved to be more effective, auditable, and frictionless.

Endpoint protection
All corporate devices are centrally managed with MDM software and anti-malware protection, enforcing secure configurations including disk encryption, screen lock, and automatic software updates. Endpoint security alerts are monitored 24/7/365.
Secure remote access
Remote access to internal resources is secured via AWS VPN. Malware-blocking DNS servers provide additional protection for employees browsing the internet.
Security education
All employees complete security training at hire and annually. New employees also attend a mandatory live security onboarding session, and new engineers attend an additional session focused on secure coding practices. The security team shares regular threat briefings to keep employees informed of emerging risks and required actions.
Identity and access management
We enforce the use of phishing-resistant authentication factors, using WebAuthn exclusively wherever possible. Vinny employees are granted access to applications based on their role, and are automatically deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.
At Vinny, data privacy is a first-class priority. We strive to be trustworthy stewards of all sensitive data.
Regulatory Compliance
Vinny continuously evaluates updates to regulatory and emerging frameworks to evolve our program.
Privacy Policy
View our Privacy Policy




