Trust Center
Written by Alan Schmoll
Updated over 3 months ago

Overview

We understand the importance of taking appropriate steps to safeguard information and are committed to protecting information relating to our clients and to our people.

We have developed and implemented a comprehensive information security and business resilience framework aligned to industry best practices such as ISO/IEC 27001:2013, the International Standard for Information Security Management Systems (ISMS); the IT Infrastructure Library (ITIL) for IT Service Management; and ISO 22301:2012 for Business Continuity Management Systems (BCMS).

For more details, please see:

Vistra complies with applicable data protection laws. For more details, please see:

Security Measures

Product Security

  • Audit Logs: We log and store every change, action, and event for easy auditing.

  • Multi-Factor Authentication: Available through SAML integration or Google/Microsoft SSO.

  • Role-Based Access Control (RBAC): Granular access controls based on specific roles.

  • SSO Support: SAML, Google, and Microsoft authentication options available.

  • Regular code security reviews are performed.

Data Security

  • Encryption at Rest: All hosted data is encrypted using AES-256.

  • Encryption in Transit: TLS 1.2/1.3 and HTTPS protect data in transit.

Organizational Security

  • Employee Background Checks and Confidentiality Agreements

  • Regular Security Training for Employees

  • Limited Access and Principle of Least Privilege

  • Physical Access Control to Office Locations

Privacy and Data Protection

Privacy Policy

Our privacy policy is available at:

Data Retention

We retain personal data for 7 years or as necessary to provide services, comply with legal obligations, or resolve disputes. For more information, please see the Privacy Policy above.

Data Processing and Removal

We support data deletion requests for both controlled and processed data.

Data Privacy Officer

Vistra has appointed a group Data Privacy Officer.

Incident Management and Response

We maintain and test a formal Incident Response Plan (IRP) with documented procedures for reporting and resolving security incidents.

Availability and Reliability

  • Auto-scaling capabilities to handle high volumes of data processing

  • Continuous service monitoring and alert systems

Infrastructure and Compliance

  • Our services are built on the Amazon Web Services (AWS) platform.

  • Both Vistra and AWS are ISO 27001 certified.

  • We undergo annual third-party penetration testing.

  • Regular vulnerability scans are conducted using DAST and SAST tools.

AI Features and Principles

AI Security and Privacy Principles

  1. Customer-Centric Approach

  2. Transparency and Open Communication

  3. Data Governance

  4. Optionality and Customization

  5. Compliance with Legal and Regulatory Frameworks

  6. Fairness and Equity

  7. Thought Leadership

  8. Executive Accountability

AI Technologies Used

Task Wizard: Amazon Bedrock, Anthropic Claude, Amazon SageMaker

Data Usage for AI

  • Customer usage data is used to fine-tune Vistra's proprietary LLM.

  • We do not use customer data to train models available outside of Vistra.

  • Amazon Bedrock does not store or log prompts and completions.

For more information on our security practices or to access specific documentation, please visit our Trust Centre or contact our support team at [email protected].
