How is Data Security & Privacy managed at Viima?

Application level, physical and server-level data security at Viima.


This page contains a brief description of how data security is handled in Viima's application. For more detailed descriptions or questions related to information security, please contact our support: support@viima.com.

In short, we have a detailed Information Security Management System (ISMS) in place, with a strong focus on continuous improvement. We follow the controls of the ISO 27001 framework and have ISAE 3000 (the international version of SOC 2) audits performed by trusted external parties (most recently a Big Four company). We also have a strong focus on data privacy and are fully GDPR compliant.

Application level security

Because Viima is a web-based application, security-related issues are handled in the backend (server side). The backend is built with the Django framework, which provides XSS protection, CSRF protection, SQL injection protection, clickjacking protection, HTTPS support, host header validation, and session security, among others. These are implemented at security layer 0 in the diagram below. Further information about these topics can be found at:

The application is developed so that Django acts only as a REST API providing JSON data to the front end. Thus, the user restrictions have been implemented on their own layers (security layers 1-3 in the diagram below).

[Diagram: Data Security Pic1.jpg]
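Several of the Django protections listed above only take effect when the matching middleware and settings are enabled. The following is an added example, not Viima's code or configuration: it audits a settings dictionary for them. The setting and middleware names are Django's own, while the function name, sample values, and hostname are assumptions constructed for illustration.

```python
# Added example: audit a Django-style settings mapping for the protections
# named in this section. HARDENED and WEAK are constructed sample inputs.

REQUIRED_MIDDLEWARE = {
    "django.middleware.security.SecurityMiddleware": "HTTPS support",
    "django.contrib.sessions.middleware.SessionMiddleware": "session security",
    "django.middleware.csrf.CsrfViewMiddleware": "CSRF protection",
    "django.middleware.clickjacking.XFrameOptionsMiddleware": "clickjacking protection",
}

# Django's documented defaults, applied when a setting is not overridden.
DJANGO_DEFAULTS = {
    "MIDDLEWARE": [], "ALLOWED_HOSTS": [],
    "SECURE_SSL_REDIRECT": False, "SECURE_HSTS_SECONDS": 0,
    "SESSION_COOKIE_SECURE": False, "SESSION_COOKIE_HTTPONLY": True,
    "CSRF_COOKIE_SECURE": False,
}

def audit_settings(settings):
    """Return a list of findings; an empty list means every check passed."""
    cfg = {**DJANGO_DEFAULTS, **settings}
    findings = []
    for path, protection in REQUIRED_MIDDLEWARE.items():
        if path not in cfg["MIDDLEWARE"]:
            findings.append(f"{protection}: {path} not in MIDDLEWARE")
    if "*" in cfg["ALLOWED_HOSTS"]:  # wildcard accepts any Host header
        findings.append("host header validation: ALLOWED_HOSTS contains '*'")
    if not cfg["SECURE_SSL_REDIRECT"]:
        findings.append("HTTPS support: SECURE_SSL_REDIRECT is off")
    if cfg["SECURE_HSTS_SECONDS"] <= 0:
        findings.append("HTTPS support: SECURE_HSTS_SECONDS is 0 (no HSTS header)")
    for name in ("SESSION_COOKIE_SECURE", "SESSION_COOKIE_HTTPONLY", "CSRF_COOKIE_SECURE"):
        if not cfg[name]:
            findings.append(f"cookie security: {name} is off")
    return findings

HARDENED = {
    "MIDDLEWARE": list(REQUIRED_MIDDLEWARE),
    "ALLOWED_HOSTS": ["app.example.com"],  # placeholder hostname
    "SECURE_SSL_REDIRECT": True, "SECURE_HSTS_SECONDS": 31536000,
    "SESSION_COOKIE_SECURE": True, "CSRF_COOKIE_SECURE": True,
}
WEAK = {
    "MIDDLEWARE": ["django.contrib.sessions.middleware.SessionMiddleware"],
    "ALLOWED_HOSTS": ["*"],
}

if __name__ == "__main__":
    for label, sample in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(label, audit_settings(sample) or "no findings")
```

Django's own `python manage.py check --deploy` runs a broader set of these checks against a real project. An HTTPS redirect may also be handled by a load balancer or proxy in front of Django, in which case the `SECURE_SSL_REDIRECT` finding needs review rather than a change.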

Physical and server-level security

Viima hosts the service in cooperation with trusted, reputable, and well-known partners. By default, all data resides within the EU region. Our servers are hosted by Amazon Web Services (AWS) which is a cloud computing platform provided by Amazon.com.

Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. [AWS security white paper]

The respective data security descriptions of AWS can be found at:

AWS security white paper:

AWS Risk and Compliance Overview:

AWS Certifications, Programs, Reports, and Attestations:

ISO 27001 Certification:

To further enhance security, all HTTP traffic is encrypted with SSL/TLS, and the customer data is also encrypted at rest. Viima follows the latest security measures in both cases.
