animated img

VIRTUAL OFFICE SOLUTIONS
SECURITYPOLICIES

animated img

animated img

SECURITY IS A KEY COMPONENT WITHIN VIRTUAL OFFICE SOLUTIONS AND IS REFLECTED IN OUR PEOPLE, PROCESS, AND SERVICES.

Our security has the following components:

Written Information Security Policy

Organizational Security Policy – We have a Written Information Security Policy (WISP). The objective of Virtual Office Solutions in the development and implementation of this comprehensive written information security policy (“WISP”), is to create effective administrative, technical, and physical safeguards for the protection of personally identifiable information (PII) of customers, clients, and employees as well as sensitive company information that could harmful if unauthorized access were to occur. The WISP sets forth a procedure for evaluating and addressing electronic and physical methods of accessing, collecting, storing, using, transmitting, and protecting PII and sensitive company information.

inner box img

Termination Policy

The purpose of this policy defines the steps required to revoke both physical and system access to The Company’s facilities and network resources.

inner box img

Security Incident Procedures

The purpose of the policy is to develop the response to and reporting of security incidents, including the identification of and response to suspected or known security incidents, the mitigation of the harmful effects of known security incidents, to the extent possible, and the documentation of security incidents and their outcomes.

inner box img

Sanctions and Disciplinary Actions for Virtual Office Solutions

The purpose of this policy governs employee Sanctions and disciplinary actions for Virtual Office Solutions. All employees must comply with this policy. Demonstrated competence in the requirements of this policy is an important part of the responsibilities of every employee.

inner box img

Network Security

The purpose of the policy is to describe the physical safeguards applicable for each server, desktop computer system and wireless computer system used to access, transmit, receive and store PII and sensitive company data to ensure that appropriate security is maintained, and that access is restricted to authorized employees.

inner box img

Access Control

The purpose of the policy is to assure that systems containing PII and/or sensitive company data are accessed only by those persons or software programs that have been granted appropriate access rights.

inner box img

Computer Use

The purpose of this policy is to ensure that employees understand what functions should and should not be performed on Virtual Office Solutions’ s computers and network to maximize the security of PII and sensitive company data. The policy also provides guidance regarding proper safeguards of PII and sensitive company data when accessing social media sites.

inner box img

Disposal Procedure

All media containing PII and sensitive company data, will be disposed of in a manner that destroys the data and does not allow unauthorized access to the data.

inner box img

Bring Your Own Device (BYOD)

The purpose of the policy is to develop the appropriate safeguards to protect PII and sensitive company data on employee personally owned devices. Proper security controls are essential to protect any sensitive information that may be on these devices. Documented instructions and requirements should be provided to all employees that may be accessing or storing PII and sensitive company data on their personally owned devices and acknowledgement of acceptance should be documented and retained.

inner box img

Facility Security Plan

The purpose of the policy is to define the procedures that will limit physical access to PII and sensitive company data and the facility or facilities in which such systems are housed, while still ensuring that proper authorized access is allowed.

inner box img

Social Media

This policy provides guidance for employee use of social media, which should be broadly understood for purposes of this policy to include blogs, wikis, microblogs, message boards, chat rooms, electronic newsletters, online forums, social networking sites, and other sites and services that permit users to share information with others in a contemporaneous manner.

inner box img

Disaster Recovery Plan

The scope of this disaster recovery plan addresses technical recovery only in the event of a significant disruption. All personnel of Virtual Office Solutions must comply with this policy. Demonstrated competence in the requirements of this policy is an important part of the responsibilities of every member of the workforce. The disaster recovery plan should be tested annually to maintain its integrity.

inner box img

Disaster Recovery Plan - Emergency Operations

This policy governs Emergency Operations for Virtual Office Solutions. All employees/workforce members of Virtual Office Solutions must comply with this policy. Demonstrated competence in the requirements of this policy is an important part of the responsibilities of every member of the workforce. Officers, agents, employees, contractors, affected vendors, temporary workers, and volunteers must read, understand, and always comply with this policy in full.

inner box img

Guides and Tips for Employees Working Remotely

We’ve developed a list of guidelines and tips to assist you as you prepare to work from home in a safe, functional work environment. Note, this list is intended for guidance and information purposes only.

inner box img

Incident Response Team

Assembling a breach response team is an integral part of breach preparation within Virtual Office Solutions. The members of a breach response team are identified, with each bringing their own skills to the group. In the event of a breach the team will work together to address the situations and take appropriate actions based on the circumstances.

inner box img

Document Policy

All users who are working directly or indirectly with a client will save and work on all files and documents within the Virtual Office Solution’s Microsoft M365 platform (i.e., OneDrive/SharePoint) which are encrypted and secure. No files or documents will be worked on outside of the M365 Platform unless with written consent between Virtual Office Solutions and the client.

inner box img

Employee background checks

Each employee undergoes a process of background verification. We hire reputed external agencies to perform this check on our behalf. We do this to verify their criminal records, previous employment records if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to users.

inner box img

Security Awareness

Each employee, when inducted, signs a confidentiality agreement and acceptable use policy, after which they undergo training in information security, privacy, and compliance. We provide training on specific aspects of security, that they may require based on their roles. We also educate our employees continually on information security, privacy, and compliance in our internal PII cyber training and security policy platform where our employees check in regularly, to keep them updated regarding the security of the organization.

inner box img

Endpoint Security

All workstations issued to Virtual Office Solutions employees run up-to-date OS version and are configured with anti-virus software. They are configured such that they comply with our standards for security, which require all workstations to be properly configured, patched, and be tracked and monitored by our endpoint management solution. These workstations are secure by default as they are configured to encrypt data at rest, have strong passwords, and get locked when they are idle. Mobile devices used for business purposes are enrolled in the mobile device management system to ensure they meet our security standards in our Bring Your Own Device (BYOD) Policy.

inner box img

Dedicated Security and Privacy Team

We have dedicated security and privacy team that implement and manage our security and privacy programs. They engineer and maintain our defense systems, develop review processes for security, and constantly monitor our networks to detect suspicious activity.

inner box img

Internal audit and compliance

We have a dedicated compliance team to review procedures and policies in Virtual Office Solutions to align them with standards, and to determine what controls, processes, and systems are needed to meet the standards.

inner box img

Encryption

With our Microsoft 365 platform, your data is encrypted at rest and in transit, using several strong encryption protocols, and technologies that include Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES).

inner box img

Multi-Factor Authentication

All Virtual Office Solutions employees have MFA enabled. It provides an extra layer of security by demanding an additional verification that the user must possess, in addition to the password. This can greatly reduce the risk of unauthorized access if a user’s password is compromised.

inner box img

Disaster Recovery and Business continuity

Application data is stored in our M365 platform that is replicated across data centers.

inner box img

Improve your overall cybersecurity posture by empowering your workforce to recognize and prevent social engineering attacks. Our FREE eBook will teach you how to design and implement a cybersecurity awareness training program that works.Learn more here