Effective security goes beyond technology. Vergo's organizational practices ensure that the people and processes behind the platform meet the same high standards as its technical infrastructure.
People and hiring
Background screening: all new employees and contractors undergo background checks prior to joining Vergo.
Confidentiality agreements: every employee and contractor is required to sign a confidentiality agreement, reinforcing the protection of sensitive customer and company information.
Code of conduct: all personnel acknowledge a formal code of conduct upon joining, with any breaches subject to disciplinary action in accordance with company policy.
Annual performance evaluations: managers conduct annual reviews for all direct reports, which include assessment of adherence to security protocols.
Vendor and third-party risk management
Third-party vendors are evaluated and assigned a risk tier based on the sensitivity of the data they can access and their potential impact on Vergo's operations. Vendors are reviewed before being granted access to Vergo systems or data, and higher-risk vendors are subject to ongoing oversight.
Change management
Changes to Vergo's production systems and applications go through a formal review process. Each change is evaluated by a cross-functional review committee, requires a documented rollback plan before implementation, and is logged from submission through completion.
Business continuity and disaster recovery
Vergo maintains documented Business Continuity and Disaster Recovery plans, tested annually. See "How Vergo backs up and recovers your data" for details on backup frequency, encryption, and recovery procedures.
Asset disposal
When electronic media reaches end of life, Vergo follows documented secure disposal procedures, including the secure deletion of confidential information and the issuance of destruction certificates for each disposed device.
Development practices
Vergo adheres to a formal Systems Development Life Cycle (SDLC) methodology, ensuring security is considered and validated at every stage of platform development and maintenance.
