OverseasConnect Security Protocols

Modified on Mon, 30 Jun at 7:02 PM

Overview 


At OverseasConnect, we are dedicated to building trust through robust security, privacy, and reliability in our global connectivity platform. Our Trust Center is designed to provide complete transparency into how we protect your data and ensure seamless, secure operations for users worldwide. By adhering to industry-leading standards, implementing stringent security protocols, and maintaining clear data governance policies, OverseasConnect empowers businesses, partners, and individuals to connect confidently across borders. The Trust Center outlines our commitment to safeguarding your information, ensuring compliance, and fostering a trusted environment for international collaboration and communication.



What are the certifications of OverseasConnect?  

Security Certifications at OverseasConnect 

At OverseasConnect, we prioritize the security, integrity, and compliance of your data. As part of Vistra’s International Expansion Services (IES) division, our platform adheres to industry-leading standards to ensure trust and transparency for our global clients. 

Our Certifications 

OverseasConnect is covered under both SOC 1 and SOC 2 certifications as part of Vistra’s IES division. These certifications are issued by independent auditors in accordance with AICPA standards and are renewed annually. 

The most recent SOC 1 and SOC 2 certifications were issued in 2024. 

  • SOC 1 validates the effectiveness of our internal controls over financial reporting. 
  • SOC 2 confirms our commitment to securing client data through controls covering security, availability, processing integrity, confidentiality, and privacy. 

 

What is the Encryption Method? 

Data Encryption at OverseasConnect 

At OverseasConnect, safeguarding your data is a top priority. Our platform, hosted on Microsoft Azure infrastructure, employs robust encryption methods to protect information both at rest and in transit—ensuring your data remains secure throughout its lifecycle. 

Encryption at Rest 

All OverseasConnect databases use Transparent Data Encryption (TDE), a native feature of Azure SQL. TDE is enabled across all environments to ensure that data is encrypted while stored, without requiring application changes. 

We utilize 256-bit Advanced Encryption Standard (AES)—a widely trusted, industry-standard algorithm—to secure data at rest against unauthorized access. 

Encryption in Transit 

To protect data in motion, our web application uses HTTPS over Transport Layer Security (TLS) version 1.2. This ensures all communications between users and the platform are encrypted and authenticated, preserving data confidentiality and integrity during transmission. 


What is Security Testing & Risk Management? 


Penetration Testing and Vulnerability Management 

 

OverseasConnect conducts annual third-party penetration testing to assess and strengthen the security of our platform and supporting infrastructure. These assessments are performed by independent security experts using industry-standard methodologies. 

 
All critical and high-risk findings are addressed immediately upon discovery. Medium and low-risk vulnerabilities are tracked and resolved as part of our regular release cycles within the same calendar year. We document all findings and remediation steps to ensure full traceability and follow-through. Summary reports are available upon request under a non-disclosure agreement. 


What is the Backup Policy?

All databases on Azure SQL Server are geo-redundant, replicating data in near real time from the Azure North Europe region to the Azure West Europe region.

The point-in-time restore (PITR) retention period for the database is 7 to 35 days. The differential backup frequency is 24 hours for all databases.

These backups require no manual intervention and are automatically managed, monitored, and retained according to Azure’s high-availability and durability SLAs. 

Access Management at OverseasConnect 

At OverseasConnect, we prioritize secure, scalable, and role-aware access to your data. Our platform is built on Microsoft Azure infrastructure and combines modern authentication with robust internal authorization controls to ensure users access only the data they need. 

Authentication with Auth0 

All user login authentication is managed through Auth0, a secure and flexible identity platform that supports enterprise-grade protocols such as SAML and OpenID Connect. This centralized authentication system provides: 

  • Secure login experiences 
  • Multi-factor authentication (MFA) 
  • Federated identity and SSO options 

Auth0 ensures consistent, secure access across environments while enforcing strong identity and access management policies. 

Internal Authorization via Azure 

After authentication, access within the application is governed by our Azure-based access control system, which includes: 

  • Role-Based Access Control (RBAC): Users are assigned roles that define what actions they can perform and what data they can access. 
  • Claims-Based Authorization: Additional permissions are refined using claims, enabling fine-grained control based on user attributes and context. 
  • Multi-Tenant Architecture: Our platform ensures strict separation of client data while allowing flexible access configurations per organization. 

Security Tools Supporting Access Management 

OverseasConnect’s access controls are reinforced by leading security tools: 

  • Microsoft Defender for Cloud identifies access misconfigurations and enforces security best practices. 
  • Microsoft Sentinel detects suspicious login behavior and access anomalies in real time. 
  • Cloudflare protects the authentication layer from external threats like DDoS and credential abuse. 
  • Wiz highlights identity risks, such as overly broad permissions or exposed credentials. 

These tools work together to secure both the authentication process (via Auth0) and internal access policies (via Azure), ensuring strong, end-to-end protection.

Client User Access 

Client users are provisioned according to their organization’s defined structure. Each user is assigned only the access needed for their responsibilities, reducing the risk of unauthorized access. 

Vistra User Access 

Internal Vistra users and affiliates are granted access strictly based on their role in servicing the client. Permissions are aligned with contractual obligations to ensure confidentiality and compliance. 

We also conduct ongoing access monitoring and regular reviews to ensure that user roles remain appropriate over time and that access is promptly adjusted as responsibilities change. 

 

What is OverseasConnect's Incident Response Plan?

Disaster Recovery at OverseasConnect 

At OverseasConnect, we are committed to ensuring the continuity and security of your operations. Our comprehensive Disaster Recovery (DR) Plan is designed to minimize downtime and data loss in the event of an unplanned incident, enabling rapid restoration of services across both our Azure infrastructure and authentication systems. 

Disaster Recovery Plan 

Our DR Plan outlines well-defined procedures for recovering critical systems and data. Two key metrics guide our response: 

  • Recovery Time Objective (RTO): The maximum acceptable downtime for systems, applications, or networks. OverseasConnect’s RTO is 24 hours, ensuring prompt service restoration and minimal disruption to your global operations. 
  • Recovery Point Objective (RPO): The maximum acceptable period of data loss during an incident. OverseasConnect’s RPO is 1 hour, meaning we aim to limit potential data loss to no more than one hour's worth of activity. 

The DR scope includes restoration of both our Azure-hosted platform and the Auth0-based authentication system, ensuring end-to-end service continuity. 


We’re committed to maintaining your trust through transparency and robust security practices. If you have any questions or need further assistance, please raise a ticket, and our support team will respond as soon as possible. 

