Viewst Information Security Policy: Shared Responsibility Model
Effective Date: January 7, 2025
Applies to: All Viewst employees, contractors, and third-party partners
Purpose and Scope
This policy defines the division of information security responsibilities between Viewst and its service providers, as well as internal roles for protecting company and customer data.
Shared Responsibility Overview
Information security at Viewst is a collaborative effort between the company (as a customer of cloud and SaaS services) and its service providers. Each party is accountable for specific layers of security controls and operational practices.
Viewst (Service Provider) Responsibilities
Viewst is responsible for the security and availability of the underlying services it provides to customers. This includes, but is not limited to:
Security patching of infrastructure and applications,
Encryption of customer data at rest and in transit,
Security event logging and continuous monitoring,
Incident management and response,
Service uptime monitoring and availability.
Customer Responsibilities
Customers using Viewst’s services are responsible for:
Providing complete and accurate information to Viewst as required for account creation and support,
Ensuring the security of devices used to access Viewst services,
Setting up and managing user authentication and access controls appropriately,
Managing which users have access to the service, data, and design files,
Reporting security issues promptly to Viewst,
Managing the security of any third-party applications or integrations used in their environment, including plugins or apps that connect to Viewst via official APIs.
Internal Roles and Responsibilities
Role
Responsibilities
Executive Management
Approve IS policy, allocate resources, and provide oversight.
DevOps
Implement and manage IS controls, monitor systems, respond to incidents, conduct risk assessments.
IT Administrators
Configure and maintain secure infrastructure, manage user access, enforce technical controls.
Data Owners
Classify and protect data, approve access rights.
All Employees
Follow security policies, use strong authentication, report incidents, and complete training.
Best Practices for Secure Use
Use invite-only sharing for sensitive files and data,
Regularly review and update sharing permissions,
Avoid public links unless absolutely necessary and revoke them promptly when no longer needed,
Use strong, unique passwords and enable multi-factor authentication where possible.
Policy Review and Updates
This policy is reviewed annually or upon significant changes to Viewst’s services or regulatory requirements.
Reporting and Support
For questions or to report a security issue, contact:
hello@viewst.com
By following this shared responsibility model, Viewst and its customers work together to ensure data security, service reliability, and regulatory compliance.