Security Policy

1.   OBJECTIVE AND SCOPE OF POLICY

Vitrium Systems Inc. is committed to delivering high-quality content security and digital rights management (DRM) solutions that offer the best end user experience. The company strives to strike a balance between the level of protection and user experience. Customers that use Vitrium’s content security and DRM solutions, Vitrium Security, are responsible for the policies and methods they use to secure and distribute content using Vitrium technology as there are different methods and settings in the software that offer varying levels of security and control.

2.   OUR COMMITMENT TO DATA PROTECTION & INFORMATION SECURITY

Data security providers must be responsible for constantly improving their software or service infrastructure, in order to control any weaknesses that hackers may be able to exploit. At Vitrium, we take this responsibility very seriously because we know that content protection is a serious matter for our clients. We are continually developing and improving our technology in order to prevent unauthorized tampering, hacker attacks or other malicious intentions. We continually review and strengthen our security measures in the software and with the encrypted files.

Vitrium is committed to data protection, information security and transparency when handling personal data, in accordance with accepted information security industry standards. Our data hosting provider, Dimension Data is also committed to this. Dimension Data has numerous certifications including ISO 27001, SOC1, and CSA-STAR. Both Vitrium and Dimension Data will comply with all privacy laws and regulations, (including the General Data Protection Regulation) to which it is subject. Vitrium further commits to: (i) not use, edit or disclose Customer Data to any party not involved in providing the software or not authorized to use the software; (ii) maintain the security and integrity of the software and customer data; (iii) provide support to the customer per the terms of use or agreement signed with the customer, (iv) use commercially reasonable efforts to make the software generally available 24 hours a day, 7 days a week, except for: (a) planned downtime or (b) downtime caused by circumstances beyond Vitrium’s reasonable control, including acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems not involving Vitrium employees, computer or telecommunications failures or delays involving hardware or software not within Vitrium’s possession or reasonable control, and network intrusions or denial of service attacks, but only to the extent unavailability results notwithstanding the exercise by Vitrium of reasonable care and due diligence to avoid or mitigate the same in anticipation of or in response to such causes.

3.   COMPLIANCE WITH COPYRIGHT PROTECTION ACTS

There are numerous laws and regulations in place that specifically criminalize the development and distribution of technology, processes or practices that can bypass measures to protect intellectual property including the Digital Millennium Copyright Act (in the US) and the Copyright Directive (in Europe). Vitrium advises its customers to ensure they clearly mark whether their content contains any confidential, sensitive or copyrighted information and to advise against the unauthorized use of that content per copyright protection laws such as these.

4.   HOW VITRIUM’S SECURITY WORKS

Vitrium’s software provides customers with two different protected file outputs with different encryption levels: (i) the protected PDF file (which requires Adobe Reader or Acrobat to view) offers 128-bit AES encryption with additional obfuscating layers protecting the content; and (ii) the secured web format (which requires any web browser to view) offers 256-bit AES encryption. In addition, customers have an array of other settings and digital rights management (DRM) policies that they can apply to the content to restrict sharing, printing, and copying. Such policies may include print & copy controls, PDF or browser limits, expiry dates, IP address limits, content limits, and more. It is through this combination of encryption and DRM control that allows customers to secure their valuable, sensitive or copyrighted content with Vitrium technology.

5.   MALICIOUS USE, HACKS OR OTHER POTENTIAL THREATS

Even the toughest content security and DRM solutions do not guarantee permanent protection – there are occasional threats from hackers. Although these hackers represent a relatively small community of technically skilled individuals, they are at times able to bypass DRM measures. While Vitrium takes all appropriate measures to mitigate any risks, the company is not responsible for any accidental, malicious or other types of misuse of the content contained within the secured documents. Vitrium does encourage its customers to take advantage of certain features that offer the best type of protection, including (but not limited to):

  • Blocking printing and copying
  • Setting open limits, IP address limits, or PDF/browser limits to prevent unauthorized sharing
  • Adding a dynamic user-identifying watermark on the content
  • Adding a disclaimer in their content, login page or website mentioning that “This content contains copyrighted material. Any unauthorized sharing, printing or posting to any other website is prohibited.”
  • Leverage Vitrium’s secure web format for a higher level of encryption
  • Leverage Vitrium’s single sign-on (SSO) options for a higher degree of control

6.   CHANGES TO SECURITY POLICY AND PRACTICES

In the event Vitrium intends to materially change its security policies or practices, it will publish notice on the website prior to the change becoming effective. For any questions or concerns about this policy, please contact Vitrium through one of the following methods:

Phone: 1-866-403-1500 or 1.604.677.1500

Email: click here to contact us

Mail:
Vitrium Systems Inc.
550 – 409 Granville Street
Vancouver, BC  Canada  V6C 1T2

Updated:
March 6, 2018