
Trust Center

Security is not a checkbox.
It's the product.

We hold ourselves to the same standards we help our customers achieve. Here is a transparent view of how we protect your data.

SOC 2 Type II Certified
ISO 27001 Aligned
GDPR & CCPA Compliant
99.9% SLA

Certifications & Controls

Our security program is designed to meet the highest standards demanded by enterprise GRC customers.

SOC 2 Type II

SOC 2 TYPE II

Audited annually by an independent CPA firm against Security, Availability, and Confidentiality trust service criteria. Reports available under NDA.

Encryption at Rest

AES-256

All customer data encrypted with AES-256. Encryption keys managed in a dedicated KMS with quarterly rotation.

Encryption in Transit

TLS 1.3

TLS 1.3 enforced for all data in transit. TLS 1.0 and 1.1 are disabled. Certificate transparency enforced via CAA records.

Access Control

ZERO TRUST

Mandatory MFA for all Vigil employees. Role-based access control with least-privilege enforcement. Privileged access reviewed quarterly with auto-revocation.

Penetration Testing

ANNUAL

Annual third-party penetration test conducted by a CREST-accredited firm. Critical findings remediated within 24 hours; high within 7 days.

Vulnerability Management

CONTINUOUS

Continuous automated vulnerability scanning across all infrastructure. CVEs tracked and triaged daily against CVSS severity thresholds.

GDPR & CCPA

COMPLIANT

Data Processing Agreements available for EU/UK customers. CCPA opt-out mechanisms in place. DPO appointed; EU data residency options available.

Information Security

ISO 27001

Controls aligned to ISO/IEC 27001:2022. Full certified audit in progress. Internal audit program reviewed semi-annually.

Infrastructure & Availability

Built on enterprise-grade cloud infrastructure with redundancy at every layer.

Cloud Provider: AWS (us-east-1, eu-west-1)
Data Residency: US by default; EU available on request
Uptime SLA: 99.9% guaranteed (Enterprise: 99.95%)
Backup Frequency: Continuous replication + daily snapshots
Backup Retention: 30 days (configurable for Enterprise)
RTO / RPO: 4 hours / 1 hour
Status Page: status.vigilgrc.com

Policies & Practices

Security is a company-wide responsibility built into how we operate.

Responsible Disclosure

We welcome security researchers. Report vulnerabilities to info@vigilgrc.com. We follow a 90-day coordinated disclosure policy.

Incident Response

Vigil maintains a documented Incident Response Plan. In the event of a breach, affected customers will be notified within 72 hours.

Employee Security Training

All employees complete security awareness training upon hire and annually. Phishing simulations run quarterly.

Vendor Risk Management

All third-party vendors are assessed against Vigil's Vendor Risk Management policy before onboarding and reviewed annually.

Business Continuity

Vigil maintains a Business Continuity Plan and Disaster Recovery Plan, tested annually via tabletop exercises.

Request Security Documentation

SOC 2 Type II report, penetration test executive summary, and Data Processing Agreement (DPA) are available to prospective and current customers under NDA.
