ShareVault Security Policy
Revision 2.3 (03/03/2021)

Summary

The ShareVault platform is used primarily by enterprises to share sensitive information with third parties in a variety of applications including due diligence document review. The security of customer data is the top priority for our business, a priority that is reflected in the design of the ShareVault platform, ShareVault’s internal policies and procedures, as well as the choice of our partners. Security processes and technology are in place to assure the highest levels of data security, data availability / up time as well as the network security, application security and physical security measures.

Purpose

The purpose of this policy is to communicate the requirement that all business units and partners that support the customer experience at ShareVault must develop and maintain a vigilant and effective security posture. This ensures that security management has all the necessary support and resources to maintain a successful security program protecting customer data.

Scope

This policy applies to all ShareVault personnel, business entities, support vendors and partners.

Policy

The development, implementation, and execution of Security Policies and Procedures are the primary responsibility of all employees and business units.

Security Program

ShareVault shall maintain a security program lead by the Chief Information Security Officer and supported by senior executives. The security program is based on industry best practices and the ISO 27001 international security standards.

Secure Product

ShareVault shall maintain a secure development process with which we create and maintain the ShareVault platform. This includes specific standards for secure and trustworthy development, testing, and operations.

Employee Security

ShareVault shall maintain a trustworthy workforce by screening, training and equipping them with appropriate security skills, awareness, and tools.

Secure Environment

ShareVault shall maintain a safe workplace and physical security for administrative, engineering and operations teams. Security extends to the computing infrastructure, networks, development systems, and administrative systems.

Risk Management

ShareVault shall maintain security by measuring risk and implementing security controls to mitigate risk to acceptable levels. Possible threats are monitored to ensure security measures are adjusted to prevent or contain them. Information systems are continually monitored to verify security controls are operating correctly and detect suspected security attacks or abuses. Security incident response teams shall be maintained in the ready to address issues and launch corrective measures. Systems are also periodically tested for vulnerabilities to preemptively protect the ShareVault platform, protect customer data, and maintain compliance with legal and regulatory requirements.