Security

Security and data handling.

A factual page for the IT lead or CISO doing due diligence. How customer data is stored, how the audit trail is protected, and how content reaches your tenant.

Deployment options

Cloud

YouCloudCloud

Data flows to Vigil24 cloud tenant

On-premise

YouOn-premise

Data stays inside your infrastructure

Air-gapped

YouAir-gapped

Fully isolated, no external connection

Cloud

Hosted on AWS. AES-256 encryption at rest. TLS 1.2 or higher in transit. Data stays in the customer tenant.

On-premise, connected

All customer data stays inside the organisation network. The update agent pulls content bundles inward. No customer data leaves the network.

Air-gapped

No live connection. Signed bundles are produced on an agreed schedule, typically quarterly, and imported manually via the admin interface. The lag window is documented in the contract.

Data residency

Customer data is stored in your tenant. Cloud deployment is on AWS. Data does not leave your tenant. On-premise and air-gapped deployment options are available for organisations with data residency requirements.

Audit log integrity

The audit trail cannot be edited or deleted. Every action is logged with a timestamp, the identity of the person who took the action, the system affected, and whether the action was permitted or blocked.

Evidence protection

Evidence documents cannot be deleted once audit-protected. This is enforced at the platform level, not dependent on user permissions.

Two-person rule enforcement

The platform enforces separation of duties at the system level. Any attempt to approve your own submission is blocked and logged.

Signed content bundles

Regulation updates and policy content are delivered as signed bundles. Customers can verify that what they are importing came from Vigil24 and has not been modified in transit.

Access control

Role-based access control with custom roles. Every access change is logged. Sensitive actions require separate persons for submission and approval.

Encryption

Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256).

Single sign-on

SSO support for enterprise deployments is in progress. Raise it in a demo conversation if it is a requirement.