Security and data handling.
A factual page for the IT lead or CISO doing due diligence. How customer data is stored, how the audit trail is protected, and how content reaches your tenant.
Deployment options
Cloud
Data flows to Vigil24 cloud tenant
On-premise
Data stays inside your infrastructure
Air-gapped
Fully isolated, no external connection
Cloud
Hosted on AWS. AES-256 encryption at rest. TLS 1.2 or higher in transit. Data stays in the customer tenant.
On-premise, connected
All customer data stays inside the organisation network. The update agent pulls content bundles inward. No customer data leaves the network.
Air-gapped
No live connection. Signed bundles are produced on an agreed schedule, typically quarterly, and imported manually via the admin interface. The lag window is documented in the contract.
Data residency
Customer data is stored in your tenant. Cloud deployment is on AWS. Data does not leave your tenant. On-premise and air-gapped deployment options are available for organisations with data residency requirements.
Audit log integrity
The audit trail cannot be edited or deleted. Every action is logged with a timestamp, the identity of the person who took the action, the system affected, and whether the action was permitted or blocked.
Evidence protection
Evidence documents cannot be deleted once audit-protected. This is enforced at the platform level, not dependent on user permissions.
Two-person rule enforcement
The platform enforces separation of duties at the system level. Any attempt to approve your own submission is blocked and logged.
Signed content bundles
Regulation updates and policy content are delivered as signed bundles. Customers can verify that what they are importing came from Vigil24 and has not been modified in transit.
Access control
Role-based access control with custom roles. Every access change is logged. Sensitive actions require separate persons for submission and approval.
Encryption
Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256).
Single sign-on
SSO support for enterprise deployments is in progress. Raise it in a demo conversation if it is a requirement.