Overview
We understand the importance of taking appropriate steps to safeguard information and are committed to protecting information relating to our clients and to our people.
We have developed and implemented a comprehensive information security and business resilience framework aligned to industry best practices such as ISO/IEC 27001:2013, the International Standard for Information Security Management Systems (ISMS); IT Infrastructure Library (ITIL) for IT Service Management; and ISO 22301:2012 for Business Continuity Management Systems (BCMS).
For more details, please see:
Vistra complies with applicable data protection laws. For more details, please see:
Security Measures
Product Security
Audit Logs: We log and store every change, action, and event for easy auditing.
Multi-Factor Authentication: Available through SAML integration or Google/Microsoft SSO.
Role-Based Access Control (RBAC): Granular access controls based on specific roles.
SSO Support: SAML, Google, and Microsoft authentication options available.
Regular code security reviews are performed.
Data Security
Encryption at Rest: All hosted data is encrypted using AES-256.
Encryption in Transit: TLS 1.2/1.3 and HTTPS protect data in transit.
Organizational Security
Employee Background Checks and Confidentiality Agreements
Regular Security Training for Employees
Limited Access and Principle of Least Privilege
Physical Access Control to Office Locations
Privacy and Data Protection
Privacy Policy
Our privacy policy is available at:
Data Retention
We retain personal data for 7 years or as necessary to provide services, comply with legal obligations, or resolve disputes. For more information, please see the Privacy Policy above.
Data Processing and Removal
We support data deletion requests for both controlled and processed data.
Data Privacy Officer
Vistra has appointed a group Data Privacy Officer.
Incident Management and Response
We maintain and test a formal Incident Response Plan (IRP) with documented procedures for reporting and resolving security incidents.
Availability and Reliability
Auto-scaling capabilities to handle high volumes of data processing
Continuous service monitoring and alert systems
Infrastructure and Compliance
Our services are built on the Amazon Web Services (AWS) platform.
Both Vistra and AWS are ISO 27001 certified.
We undergo annual third-party penetration testing.
Regular vulnerability scans are conducted using DAST and SAST tools.
AI Features and Principles
AI Security and Privacy Principles
Customer-Centric Approach
Transparency and Open Communication
Data Governance
Optionality and Customization
Compliance with Legal and Regulatory Frameworks
Fairness and Equity
Thought Leadership
Executive Accountability
AI Technologies Used
Task Wizard: Amazon Bedrock, Anthropic Claude, Amazon SageMaker
Data Usage for AI
Customer usage data is used to fine-tune Vistra's proprietary LLM.
We do not use customer data to train models available outside of Vistra.
Amazon Bedrock does not store or log prompts and completions.
For more information on our security practices or to access specific documentation, please visit our Trust Centre or contact our support team at [email protected].