Level 9 Virtual is committed to protecting the confidentiality, integrity, and availability of all client data entrusted to us. This Data Security Policy describes the administrative, technical, and physical controls we implement to safeguard your information and outlines our responsibilities in the event of a security incident.
Technical Security Controls
Encryption
All data in transit is encrypted using TLS 1.2 or higher. All data at rest is encrypted using AES-256. This applies to client business data, VA monitoring data, and all platform communications.
Access Controls
Role-based access controls (RBAC) ensure that team members can only access the data and systems required for their specific role. Access is granted on a least-privilege basis and reviewed regularly.
Monitoring and Logging
All access to client-related systems is logged and monitored. Security event logs are reviewed on an ongoing basis and retained for a minimum of 90 days to support incident investigation.
Infrastructure
The Level 9 OS™ and associated systems are hosted on enterprise-grade cloud infrastructure with geographic redundancy, automated failover, and daily encrypted backups.
Authentication
Platform accounts are protected by strong password requirements. Multi-factor authentication (MFA) is available and strongly encouraged for all client accounts.
Vulnerability Management
We conduct periodic reviews of our platform and infrastructure for known vulnerabilities. Critical vulnerabilities are prioritized and remediated on an expedited basis.