Our security has the following components:
Written Information Security Policy
Organizational Security Policy – We have a Written Information Security Policy (WISP). The objective of Virtual Office Solutions in the development and implementation of this comprehensive written information security policy (“WISP”), is to create effective administrative, technical, and physical safeguards for the protection of personally identifiable information (PII) of customers, clients, and employees as well as sensitive company information that could harmful if unauthorized access were to occur. The WISP sets forth a procedure for evaluating and addressing electronic and physical methods of accessing, collecting, storing, using, transmitting, and protecting PII and sensitive company information.
The purpose of this policy defines the steps required to revoke both physical and system access to The Company’s facilities and network resources.
Security Incident Procedures
The purpose of the policy is to develop the response to and reporting of security incidents, including the identification of and response to suspected or known security incidents, the mitigation of the harmful effects of known security incidents, to the extent possible, and the documentation of security incidents and their outcomes.
Sanctions and Disciplinary Actions for Virtual Office Solutions
The purpose of this policy governs employee Sanctions and disciplinary actions for Virtual Office Solutions. All employees must comply with this policy. Demonstrated competence in the requirements of this policy is an important part of the responsibilities of every employee.
The purpose of the policy is to describe the physical safeguards applicable for each server, desktop computer system and wireless computer system used to access, transmit, receive and store PII and sensitive company data to ensure that appropriate security is maintained, and that access is restricted to authorized employees.
The purpose of the policy is to assure that systems containing PII and/or sensitive company data are accessed only by those persons or software programs that have been granted appropriate access rights.
The purpose of this policy is to ensure that employees understand what functions should and should not be performed on Virtual Office Solutions’ s computers and network to maximize the security of PII and sensitive company data. The policy also provides guidance regarding proper safeguards of PII and sensitive company data when accessing social media sites.
All media containing PII and sensitive company data, will be disposed of in a manner that destroys the data and does not allow unauthorized access to the data.
Bring Your Own Device (BYOD)
The purpose of the policy is to develop the appropriate safeguards to protect PII and sensitive company data on employee personally owned devices. Proper security controls are essential to protect any sensitive information that may be on these devices. Documented instructions and requirements should be provided to all employees that may be accessing or storing PII and sensitive company data on their personally owned devices and acknowledgement of acceptance should be documented and retained.
Facility Security Plan
The purpose of the policy is to define the procedures that will limit physical access to PII and sensitive company data and the facility or facilities in which such systems are housed, while still ensuring that proper authorized access is allowed.
This policy provides guidance for employee use of social media, which should be broadly understood for purposes of this policy to include blogs, wikis, microblogs, message boards, chat rooms, electronic newsletters, online forums, social networking sites, and other sites and services that permit users to share information with others in a contemporaneous manner.
Disaster Recovery Plan
The scope of this disaster recovery plan addresses technical recovery only in the event of a significant disruption. All personnel of Virtual Office Solutions must comply with this policy. Demonstrated competence in the requirements of this policy is an important part of the responsibilities of every member of the workforce. The disaster recovery plan should be tested annually to maintain its integrity.
Disaster Recovery Plan - Emergency Operations
This policy governs Emergency Operations for Virtual Office Solutions. All employees/workforce members of Virtual Office Solutions must comply with this policy. Demonstrated competence in the requirements of this policy is an important part of the responsibilities of every member of the workforce. Officers, agents, employees, contractors, affected vendors, temporary workers, and volunteers must read, understand, and always comply with this policy in full.
Guides and Tips for Employees Working Remotely
We’ve developed a list of guidelines and tips to assist you as you prepare to work from home in a safe, functional work environment. Note, this list is intended for guidance and information purposes only.
Incident Response Team
Assembling a breach response team is an integral part of breach preparation within Virtual Office Solutions. The members of a breach response team are identified, with each bringing their own skills to the group. In the event of a breach the team will work together to address the situations and take appropriate actions based on the circumstances.
All users who are working directly or indirectly with a client will save and work on all files and documents within the Virtual Office Solution’s Microsoft M365 platform (i.e., OneDrive/SharePoint) which are encrypted and secure. No files or documents will be worked on outside of the M365 Platform unless with written consent between Virtual Office Solutions and the client.
Employee background checks
Each employee undergoes a process of background verification. We hire reputed external agencies to perform this check on our behalf. We do this to verify their criminal records, previous employment records if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to users.
Each employee, when inducted, signs a confidentiality agreement and acceptable use policy, after which they undergo training in information security, privacy, and compliance. We provide training on specific aspects of security, that they may require based on their roles. We also educate our employees continually on information security, privacy, and compliance in our internal PII cyber training and security policy platform where our employees check in regularly, to keep them updated regarding the security of the organization.
All workstations issued to Virtual Office Solutions employees run up-to-date OS version and are configured with anti-virus software. They are configured such that they comply with our standards for security, which require all workstations to be properly configured, patched, and be tracked and monitored by our endpoint management solution. These workstations are secure by default as they are configured to encrypt data at rest, have strong passwords, and get locked when they are idle. Mobile devices used for business purposes are enrolled in the mobile device management system to ensure they meet our security standards in our Bring Your Own Device (BYOD) Policy.
Dedicated Security and Privacy Team
We have dedicated security and privacy team that implement and manage our security and privacy programs. They engineer and maintain our defense systems, develop review processes for security, and constantly monitor our networks to detect suspicious activity.
Internal audit and compliance
We have a dedicated compliance team to review procedures and policies in Virtual Office Solutions to align them with standards, and to determine what controls, processes, and systems are needed to meet the standards.
With our Microsoft 365 platform, your data is encrypted at rest and in transit, using several strong encryption protocols, and technologies that include Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES).
All Virtual Office Solutions employees have MFA enabled. It provides an extra layer of security by demanding an additional verification that the user must possess, in addition to the password. This can greatly reduce the risk of unauthorized access if a user’s password is compromised.
Disaster Recovery and Business continuity
Application data is stored in our M365 platform that is replicated across data centers.