Vergo maintains strict, documented controls over who can access its systems and customer data. Access is granted on a need-to-know basis and governed by formal policies covering provisioning, modification, and revocation.
System and application access
Unique credentials required — access to Vergo's systems and applications requires a unique username and password combination, or authorization via SSH key. Shared credentials are not permitted.
Production access is restricted — access to production applications, databases, and the production network is limited to a defined set of authorized personnel with a clear business justification.
Encryption keys are tightly controlled — only employees with a direct operational need are granted access to encryption keys.
Access is revoked promptly upon termination — system access for departing employees is revoked in accordance with established service level agreements, with no exceptions.
Network security
Network segmentation — customer data environments are isolated through network segmentation, preventing unauthorized lateral movement across systems.
Firewall management — firewall configurations are reviewed and updated on a regular basis, with all changes tracked through to completion.
Encrypted remote access — remote access to Vergo's production systems is encrypted and restricted to authorized employees only.
Hardening standards — Vergo's network and systems are configured according to documented hardening standards, reviewed annually.
Monitoring and log management
Vergo employs advanced log management and monitoring tools to detect events that could impact the security or operational integrity of the platform. Formal vulnerability management and system monitoring policies are in place and reviewed on a regular cadence.
Annual control assessments
Vergo conducts annual self-assessments of its security controls to verify their effectiveness, with corrective actions taken as needed to meet established service level agreements.