Orisoft V10 Security Protocols

Modified on Fri, 25 Jul at 1:17 PM

Overview  

 
 
At Orisoft V10, we are dedicated to earning and maintaining your trust by prioritizing security, privacy, and reliability across our platform. Our Trust Center offers full transparency into the measures we take to protect your data and ensure secure and uninterrupted services for all users.

 

Through adherence to industry-leading standards, the implementation of rigorous security controls and the enforcement of strong data governance policies, Orisoft V10 enables businesses, partners, and individuals to connect with confidence across regions and industries. 

 

The Trust Center reflects our ongoing dedication to data protection, regulatory compliance, and fostering a secure environment for seamless international collaboration. 

 

What is the Encryption Method?  


Data Encryption at Orisoft V10 

At Orisoft V10, the security of your data is paramount. Our platform, hosted on Microsoft Azure, utilizes advanced encryption techniques to safeguard your information – both at rest and in transit – ensuring comprehensive protection throughout its lifecycle. 

 

Encryption at Rest 

All Orisoft V10 databases leverage Transparent Data Encryption (TDE), a built-in feature of Azure SQL, to automatically encrypt data stored across all environments. This ensures encryption is enforced without requiring any changes to your applications.

 

We implement 256-bit Advanced Encryption Standard (AES) – a widely recognized industry benchmark – for strong and reliable protection of data at rest against unauthorized access. 

 

Dynamic Data Masking, a native feature of Azure SQL, is enabled to protect predefined sensitive data by obscuring it from non-administrative users. This helps ensure that only authorized personnel can view the full details of sensitive information when interacting with the database.

 

Encryption in Transit 

To secure data in motion, our platform enforces HTTPS over Transport Layer Security (TLS) 1.2, ensuring that all communication between users and the application is encrypted and authenticated. This protects the confidentiality and integrity of your data during transmission. 

 
 

What is Security Testing & Risk Management?  

Penetration Testing and Vulnerability Management 

 

We engage independent, third-party security experts to perform annual penetration tests on our platform and supporting infrastructure. These assessments follow industry-standard methodologies and are designed to proactively identify and mitigate potential security vulnerabilities. 

 

Critical and high-risk issues are addressed immediately upon identification. Medium and low-risk findings are tracked and remediated as part of our regular development cycles, with resolution completed within the same calendar year. 

 

All findings and remediation actions are thoroughly documented to ensure full traceability and accountability. Summary reports of these assessments are available upon request and subject to a non-disclosure agreement (NDA). 
 
 

What is the Database Redundancy and Backup Retention Policy?


All databases hosted on Azure SQL are geo-redundantly configured, with near real-time replication from the Southeast Asia region (Singapore) to the East Asia region (Hong Kong), ensuring high availability and regional disaster recovery capabilities. 

 

Our Point-in-Time Restore (PITR) policy retains database backups for 7 to 35 days, with differential backups performed every 24 hours. Long-term retention (LTR) is structured as follows: 

  • Weekly backups retained for 4 weeks 
  • Monthly backups retained for 12 months 
  • Yearly backups retained for 7 years 

All backups are fully automated, requiring no manual intervention, and are monitored and managed in alignment with Azure’s high-availability and durability service-level agreements (SLAs). 

Access Management at Orisoft V10 

At Orisoft V10, we prioritize secure, scalable, and role-aware access to your data. Our platform is built on Microsoft Azure infrastructure and combines modern authentication with robust internal authorization controls to ensure users access only the data they need. 

 

Authentication in Orisoft V10 

Apart from System Authentication, Orisoft V10 supports LDAP authentication and SSO options with SAML 2.0 protocol. Multi-factor authentication (MFA) is supported with Orisoft V10 System Authentication, or you may leverage the MFA authentication of the Identity Provider when SSO is enabled. 

 

Authorization In Orisoft V10 

Access within the application is managed through a similar Azure-based access control system that incorporates the following key components: 


  • Role-Based Access Control (RBAC): Users are assigned specific roles that determine their permitted actions and data access levels within the platform. 
  • Hierarchy and Scoped Access: Permissions are aligned with organizational structures, allowing access to data based on roles, reporting lines, and employee levels.
  • Multi-Tenant Architecture: The platform is designed to securely isolate client data across tenants, while supporting customizable access configurations tailored to each organization’s needs. 

 

Advanced Security Enforcement 

Orisoft V10 access controls are strengthened through the integration of leading-edge security tools, each contributing to a layered defense strategy: 

 

  • Microsoft Defender for Cloud continuously monitors for access misconfigurations and enforces security best practices across the environment. 
  • Microsoft Sentinel provides real-time detection of suspicious login activities and access anomalies, enabling rapid threat response.
  • Cloudflare safeguards the authentication layer against external threats such as DDoS attacks and credential abuse.
  • Wiz identifies identity-related risks, including excessive permissions and exposed credentials, helping to reduce the attack surface. 

 

These tools deliver comprehensive and end-to-end protection for the platform's access and identity management. 

 

 

Client User Access 

Client users are provisioned based on their organization’s defined hierarchy and role structure. Each user is granted only the access necessary to perform their duties, minimizing the risk of unauthorized access. 

 

 

Vistra User Access 

Internal Vistra users and affiliates are granted access strictly based on their role in servicing the client. Permissions are aligned with contractual obligations to ensure confidentiality and compliance. 

We also conduct ongoing access monitoring and regular reviews to ensure that user roles remain appropriate over time and that access is promptly adjusted as responsibilities change. 

 

What is the Orisoft V10 Incident Response Plan?


Disaster Recovery at Orisoft V10 

At Orisoft V10, we are committed to ensuring the continuity and security of your operations. Our comprehensive Disaster Recovery (DR) Plan is designed to minimize downtime and data loss in the event of an unplanned incident, enabling rapid restoration of services for our Azure infrastructure. 

 

Disaster Recovery Plan 

Our DR Plan outlines well-defined procedures for recovering critical systems and data. Two key metrics guide our response: 

  • Recovery Time Objective (RTO): The maximum acceptable downtime for systems, applications, or networks. Orisoft V10’s RTO is 24 hours, ensuring prompt service restoration and minimal disruption to your global operations. 

  • Recovery Point Objective (RPO): The maximum acceptable period of data loss during an incident. Orisoft V10’s RPO is 24 hours. 

 

 
We’re committed to maintaining your trust through transparency and robust security practices. If you have any questions or need further assistance, please raise a ticket, and our support team will respond as soon as possible. 

 
