ViewsHub Security Policy

At ViewsHub we take the security of your data very seriously, and we aim to be clear and open about security. If you have any questions, please contact us.

We have strict controls of our employee’s access to customer data, and are committed to ensure it is not seen by anyone who should not have access to it. User content is controlled by the privacy settings of the site as set by the user themselves.

The operation of ViewsHub requires that some employees have access to the systems which store customer data, for example, in order to diagnose a problem you are having with ViewsHub.

ViewsHub conducts background checks on all employees before employment, and employees receive privacy and security training. All employees are required to read and sign our information security policy covering the security, availability, and confidentiality of the ViewsHub service.

Our website and app traffic is encrypted with the latest SSL / HTTPS. TLS is configured to version 1.2- 1.3. TLS version 1.1 is disabled. No public services offered on unencrypted port 80. Internal app flows are over AJAX SSL or internal LAN apps

The following security-related audits and certifications are applicable to the ViewsHub services:

Our hosting company is Rapidswitch (https://www.rapidswitch.com), part of Iomart (https://www.iomart.com). Iomart is ISO 9001 and 27001 certified, and fully SOC 2 compliant.

To ensure their continued compliance, third parties can verify their ISO status by contacting Isoqar. Their contact details can be found on: https://www.alcumus.com/en-gb/certification/customer-area/certificate-checker/

Iomart's certificate number is 7235. Please use this to verify the ISO status when contacting Isoqar. You can check their accreditations on their website: https://www.iomart.com/about-us/

Certifications:

●        ISO 9001

●        ISO 20000

●        ISO 27001

●        ISO 22301

●        ISO 14001

●        ISO 5001

●        Cyber Essentials

●        AICPA SOC 18

●        ITAR

●        G Cloud 12

Iomart accredited management systems which cover Rapidswitch operational sites in the UK include ISO 9001:2015 for quality assurance, ISO 27001:2013 for information security and ISO 20000-1:2011 for IT service.

They are all independently assessed every 6 months by an assessor from ISOQAR, a UKAS accredited certifying body. The auditor determines the effectiveness of the service controls in place and conformity with these global standards.

All user passwords on our site are fully encrypted in our database via a secure compiled blackbox encryption method. Passwords are encrypted during transfer via HTTPS/SSL. Certain session cookies are encrypted to AES/Rijndael standard (US Government standard).

Firewalls are configured according to industry best practices and unnecessary ports are blocked by configuration with Windows Security Groups.

We perform automated vulnerability scans on our production hosts and remediate any findings that present a risk to our environment. We enforce screen lockouts.

Some services offered are restricted by IP and MAC addresses, for a further layer of security.

To ensure that the products and services we deliver include appropriate security safeguards, we constantly evaluate our safety measures.

New features, functionality, and design changes go through a security review process and are manually peer-reviewed prior to deployment.

The security team works closely with development teams to resolve any additional security concerns that may arise during development.

We place great importance on the security of all personal information associated with our users.

We have security measures in place which aim to protect against the loss, misuse and alteration of personal information under our control.

We actively monitor to detect for intrusions into our systems, and look for anomalies and alerts, and can respond to issues as they arise.

Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

In the event of a security breach, ViewsHub will notify you of any unauthorized access to your Customer Data.

We are committed to making ViewsHub consistently available to you and your teams.

Our infrastructure runs on systems that are fault tolerant, and we regularly test our disaster-recovery measures.

Our databases are backed up every night so that in the event of any breach, we can restore service within 24 hours.

Our team is on-call to quickly resolve unexpected incidents.

User accounts are secure, and only users who sign up and authenticate with their company email domain can access their company account and see their company team profiles.

Team administrators can control team member access to their team profile, as well as the privacy level of any content on their team profile to determine who can see it within their organization.

Users can cancel their account at any time, and can request a downloadable CSV file of their data. Information about exporting your data can be requested by contacting us.

ViewsHub’s privacy policy can be found at https://www.viewshub.com/privacy.aspx

A secure password and recovery info help you protect your ViewsHub account.

A strong password helps you:

●        Keep your personal info safe

●        Protect your emails, files, and other content

●        Prevent someone else from getting in to your account

●        Meet password requirements

Your password should be any combination of letters, numbers, and symbols (ASCII-standard characters only). Accents and accented characters aren't supported.

Don not use a password that:

●        Is particularly weak. Example: "password123"

●        You've used before on your account

●        Starts or ends with a blank space

Follow tips for a good password

A strong password can be memorable to you but nearly impossible for someone else to guess. Learn what makes a good password, then follow these tips to create your own.

●        Make your password unique

●        Use a different password for each of your important accounts, like your email and online banking.

Reusing passwords for important accounts is risky. If someone gets your password for one account, they could access your email, address, and even your money.

Tip: If you have trouble remembering multiple passwords, learn how to use a tool to manage your saved passwords.

Make your password longer and more memorable

Long passwords are stronger, so make your password at least 12 characters long. These tips can help you create longer passwords that are easier to remember. Try to use:

●        A lyric from a song or poem

●        A meaningful quote from a movie or speech

●        A passage from a book

●        A series of words that are meaningful to you

●        An abbreviation: Make a password from the first letter of each word in a sentence

Avoid choosing passwords that could be guessed by:

●        People who know you

●        People looking at easily accessible info (like your social media profile)

Avoid personal info and common words

Don’t use personal info. Avoid creating passwords from info that others might know or could easily find out. Examples:

●        Your nickname or initials

●        The name of your child or pet

●        Important birthdays or years

●        The name of your street

●        Numbers from your address

●        Don’t use common words & patterns

Avoid simple words, phrases, and patterns that are easy to guess. Examples:

●        Obvious words and phrases like "password" or "letmein"

●        Sequences like "abcd" or "1234"

●        Keyboard patterns like "qwerty" or "qazwsx

Credit: https://support.google.com/accounts/answer/32040?hl=en#zippy=%2Cmake-your-password-unique%2Cmake-your-password-longer-more-memorable%2Cavoid-personal-info-common-words