Voyager Security

Let us help you with your security-related questions.

Documentation

Commensurate with a company following ISO 27001 standards, we are happy to provide any of the following documents upon request:

GDPR compliance policy
  • Disaster recovery plan
  • Incident response plan
  • IT security policy
  • Confidential data policy
  • General system architecture map

Q&A

We conduct audits as deemed necessary by industry monitoring, or every 6 months (whichever is shorter) we conduct an internal audit on our documentation and processes.

Data in transit is encrypted via Hypertext Transfer Protocol Secure (https). Data at rest is not encrypted, and this is a conscious decision that was made to improve performance for our end users. We would be open to take these steps at a client’s specific request. Our encryption algorithm is the RSA algorithm with a key size of 2,048 bits.

Encryption keys are individually stored in a secure location which is only accessible by
high-security level developers with strong, regular security training; keys are updated regularly. All access to the platform is strictly controlled by a system of unique passwords and encryption.

We use cross-site scripting and SQL injection. Voyager uses MySQL for databases (which is a relational database system).

Yes, our developers check vulnerabilities after every new feature is developed and before every new deployment.

All code is reviewed by at least 2 other developers for its comprehensiveness/security before deployment. We run sast and dast testing, and unit testing.

We rely on Amazon Web Services to cover security monitoring. We utilize DDOS protection and Amazon GuardDuty, among other standard defenses. We run the whole environment in redundancy in 2 distinct Amazon regions (please see Disaster Recovery Document). We have daily backups from the database.

Yes, there are always at least 4 environments available for internal testing, QA, demos and production.

The tenancy of the system is such that we can separate data and provide a legal hold for some users while allowing other users to continue on the platform.

Yes, we allow our users to create historical reports. We can also provide reports upon demand given specific constraints (dates/routes/counterparties, etc.)

Depending on the specific agreement with our clients, we offer continuous availability at a >99% level. Further info on SLAs can be provided upon request.

Deployment occurs on average every 2 weeks with upgraded features. Prior to new feature deployments (i.e., large, substantial modules), release notes will be included along with any necessary training. Deployments can be rolled back within a day if bugs or other performance problems are identified.