Security
Overview
At Version Story, Inc, we know the security of your digital experience and data is of paramount importance. Security practices are deeply ingrained into our internal software development, operations processes, and tools. Our cross-functional teams strictly follow these practices to help prevent, detect, and respond to incidents in an expedient manner.
We keep up to date with the latest threats and vulnerabilities through our collaborative work with partners, leading researchers, security research institutions, and other industry organizations and regularly incorporate advanced security techniques into the products and services we offer.
Encryption
All documents on Version Story are encrypted over-the-wire via TLS and at-rest via S3’s document encryption system (SSE-S3).
Version Story’s domains use TLS certificates provisioned by AWS Certificate Manager (CM).
AWS ACM certificates use SHA256withRSA as their signature algorithm. SSE-S3 encrypts each object with a unique key. Additionally, it encrypts the key itself and rotates it regularly. SSE-S3 uses the block cipher256-bit Advanced Encryption Standard (AES-256) to encrypt its object and keys.
Authentication & Authorization
Version Story users can authenticate via email and password or via a third-party authentication provider through OAuth + OIDC (OpenID Connect Protocol). Version Story currently supports authentication with Google Cloud Identity and Microsoft Entra ID.
Insurance & Certifications
SOC 2
Version Story undergoes routine audits by Prescient Assurance to maintain SOC 2 Type II security certification.
Penetration Testing
Version Story undergoes annual penetration testing conducted by Cacilian, LLC. Cacilian’s credentials include:
- NIST Cybersecurity Framework Certified.
- ISO 27001 Information Security Management Certified.
- PCI Security Standards Council.
Cyber Insurance
Version Story maintains a comprehensive insurance policy, issued by CFC Underwriting Ltd., which provides coverage for matters pertaining to cybersecurity, data privacy, professional liability, and errors and omissions. As an additional benefit, the policy affords the utilization of CFC's Cyber Incident Response Team in the event of an exigent cyber-related incident.
Vulnerability Scanning
Version Story undergoes regular vulnerability scanning by Security Scorecard, a leading security rating platform. In 2024, Version Story received a vulnerability scanning security score of 98 out of 100, reflecting a letter grade of A. The report further assessed that Version Story is on par with or better than industry averages for security best practices.
SSL Configuration
Version Story's SSL configurations have achieved an A+ rating from GlobalSign, highlighting our adherence to the highest encryption and security protocols. This rating reflects our implementation of advanced TLS configurations, ensuring robust encryption, perfect forward secrecy, and strong cipher suites.