Skip to main content

Information Security Policy

Updated over a week ago

Version: TP.21112024.03

Effective date: 06/January/2026

1.Relationship to End User License Agreement (EULA)

This Information Security policy is subject to the terms and conditions set forth in the End User License Agreement (EULA).

2.Safeguarding of the data

Our Atlassian Marketplace applications are hosted on cloud infrastructure with Data Residency support enabled in accordance with the customer’s pinned Jira location. Vansah utilises DigitalOcean and Amazon Web Services (AWS) data centres to support the operation of its applications. Vansah is certified to ISO/IEC 27001 for its information security management system and engages hosting providers that maintain independently audited compliance certifications, including ISO/IEC 27001, ISO/IEC 27018, and SOC 1/2/3.

Vansah acts as the data controller for customer data processed by its applications and retains administrative control over such data within the hosting environment, subject to the applicable contractual, technical, and legal safeguards.

3.Safeguarding of applications

To ensure the security of production applications, our Software utilises a Continuous Integration Server that compiles and distributes the software. The server performs thorough checks on the code, including vulnerability scanning, version verification, and rigorous testing before deploying it to the targeted environment. Only when all tests pass successfully, the build is accepted and published, ensuring the reliability and integrity of the Software.

4.Threat of viruses

At Vansah, every computer has Virus Scan and Anti Spyware Enterprise antivirus software installed, which constantly protects against any malware type.

5.Threat of intrusion

In order to prevent intrusion, our Software uses a High performance Network Security Monitoring (NSM) tool that can detect and block attacks against our network.

We have developed our own signatures to detect malicious or unknown traffic including Intrusion Detection (IDS) and Intrusion Prevention (IPS) modes. Our Software also utilises Security Information and Event Management (SIEM) tools monitoring the data we collect.

6.Data Classification System

Our Software classifies data based on the following sections:

  • Data Type: Data can be classified into different types, such as numerical, categorical, ordinal and textual.

  • Data Source: Data can be classified based on its source, such as primary data (collected first hand) or secondary data (derived from primary sources or existing databases).

  • Data Format: Data can be classified based on its format, such as structured data, unstructured data , or semi-structured data (partially organized, e.g., XML files).

  • Data Domain: Data can be classified based on the domain or subject area it belongs to, such as customer data or system.

  • Data Accessibility: Data can be classified based on its accessibility, such as public data (available to anyone), private data (restricted access), or confidential data (highly sensitive and protected).

  • Data Purpose: Data can be classified based on its purpose, such as transactional data (records of application transactions), analytical data (used for analysis and insights), or operational data (used for day-to-day functions/application operations)

7. Security Breach Procedures

At Vansah, we are committed to protecting customer data and ensuring transparency in the event of a security incident. In the unlikely case of a data breach, we follow a structured approach to assess, contain, and notify affected parties promptly.

  • Vansah will notify affected customers within 24 hours of confirming a security breach that impacts their data.

  • Affected customers will be informed via email or other direct communication channels, ensuring timely awareness of the breach.

  • Notifications will include relevant details such as: The nature and scope of the breach, The type of data affected, Actions taken to resolve the incident, Recommended steps for customers to protect their accounts and data

  • Vansah will continue to update affected customers as new information becomes available.

  • Our support team will remain available to assist with any concerns or questions regarding the breach and necessary next steps.

8.Information Security Objectives

Vansah is committed to establishing, maintaining, and continually improving its Information Security Management System (ISMS). Vansah is ISO/IEC 27001 certified.

Objectives:

  1. Ensure 100% of production deployments pass security vulnerability scans through CI/CD pipelines.

  2. Maintain system uptime above 99.9% for core customer-facing applications.

  3. Respond to verified security incidents within 24 hours of identification.

  4. Conduct quarterly access reviews of privileged systems and sensitive data.

  5. Deliver annual information security awareness training to 100% of staff and contractors.

9.Contact Information

If you have any questions about this Information Security policy , please contact us through our support portal.

Updates:

  1. Included page reference to status page (see: 8.2) - 10th of October 2025

  2. Included reference to ISO/IEC 27001 certification (see: 2.0) - 06th of January 2026

Related Articles
Data Security Policy
How does Vansah Ensure Compliance with Global Security Standards?
Vansah Data Security and Governance Policy Suite
Enterprise risk assessment, Vansah Platform Security Review
Data Processing Agreement
Did this answer your question?