Security

Trust Centre

Commitment

Our commitment to security & compliance

Vendorapp is committed to protecting sensitive data and maintaining high security standards across every aspect of our platform. We adhere to industry-leading security and compliance frameworks, including ISO 27001, GDPR, CCPA, and SOC 2, and are actively working towards formal certification.

ISO 27001

Information security management aligned

SOC 2

Trust services criteria aligned

GDPR

EU data protection compliant

CCPA

California privacy compliant

Infrastructure

Built on world-class cloud infrastructure

Vendorapp is hosted on Microsoft Azure and AWS, both of which meet rigorous security and compliance standards including ISO 27001, SOC 2, GDPR, and HIPAA. These platforms provide enterprise-grade encryption, data redundancy, and built-in compliance controls to safeguard your data.

Microsoft Azure & AWS

Hosted on enterprise hyperscalers with globally distributed regions, automatic failover and 24/7 monitoring.

Compliance built in

ISO 27001, SOC 2, GDPR and HIPAA controls inherited from our cloud providers and extended across our stack.

Practices

Key security practices at Vendorapp

The everyday controls that keep your information secure.

Data encryption

All data is encrypted at rest and in transit using industry-standard encryption protocols.

Access controls

Strict role-based access controls (RBAC) and multi-factor authentication (MFA) prevent unauthorised access.

Regular audits

We continuously monitor our systems and conduct security assessments to identify and remediate risks.

Compliance & best practices

Our security policies align with leading frameworks to ensure data privacy and regulatory compliance.

Roadmap

Our roadmap to certification

While Vendorapp is already aligned with key security standards, we are actively working towards achieving formal SOC 2, ISO 27001 and GDPR certifications to provide even greater assurance to our customers.

Step 01

Independent assessments

Conducting third-party security assessments to baseline our control environment.

Step 02

Additional controls

Implementing extra controls to meet SOC 2, ISO 27001 and GDPR certification benchmarks.

Step 03

Auditor verification

Engaging accredited third-party auditors to formally verify compliance.

Transparency

Transparency & customer assurance

We believe in transparency when it comes to security. Vendorapp continuously improves its security posture and keeps customers informed about the steps we take to protect their data.

Have a security question?

Reach out to our team at support@vendorapp.co — we're happy to share details about our security and compliance posture.

Made to work for you

Securely enable collaboration and assess vendor performance and risk. Enjoy optimised performance with a secure, multi-tenant cloud architecture.

Scalability

Role-based access

Collaboration

Effortless lifecycle management

Security

Cloud infrastructure

Business insights

Privacy

We are dedicated to protecting our customers' data and maintaining the highest information security standards. Privacy and security are core principles that guide our development.

Vulnerability reporting & disclosure

We prioritize security and work with experts to fix vulnerabilities. Report any issues to privacy@vendorapp.io, and we'll address them promptly.

Operational security: zero-trust model for access

Users and devices undergo strict verification before accessing our resources, with consistent security protocols protecting our network.

Background checks

We are dedicated to protecting our customers' data and maintaining the highest information security standards. Privacy and security are core principles that guide our development.

Penetration testing

We undergo third-party network penetration tests on a routine basis.

Data encryption

We encrypt our customers' data in transit and at rest. Our operational controls ensure protection at every level of the company.

Data segregation

We have controls in place to ensure that data across the Dev, Test and Prod environments is secured.

Firewall controls

We maintain high levels of security, and data is held in a secure private cloud. Traffic is filtered, and security is enhanced with load balancers and a web application firewall.

Device endpoint security

Mobile Device Management (MDM) is configured to enforce security for all employee devices. Enterprise anti-malware is installed to provide alerts on potential threats to prevent data leakage.
