Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            OverseasConnect Security Protocols

            Modified on Mon, 30 Jun at 7:02 PM

            Overview 


            At OverseasConnect, we are dedicated to building trust through robust security, privacy, and reliability in our global connectivity platform. Our Trust Center is designed to provide complete transparency into how we protect your data and ensure seamless, secure operations for users worldwide. By adhering to industry-leading standards, implementing stringent security protocols, and maintaining clear data governance policies, OverseasConnect empowers businesses, partners, and individuals to connect confidently across borders. The Trust Center outlines our commitment to safeguarding your information, ensuring compliance, and fostering a trusted environment for international collaboration and communication.


            TABLE OF CONTENTS


            What are the certifications of OverseasConnect?  

            Security Certifications at OverseasConnect 

            At OverseasConnect, we prioritize the security, integrity, and compliance of your data. As part of Vistra’s International Expansion Services (IES) division, our platform adheres to industry-leading standards to ensure trust and transparency for our global clients. 

            Our Certifications 

            OverseasConnect is covered under both SOC 1 and SOC 2 certifications as part of Vistra’s IES division. These certifications are issued by independent auditors in accordance with AICPA standards and are renewed annually. 

            The most recent SOC 1 and SOC 2 certifications were issued in 2024. 

            • SOC 1 validates the effectiveness of our internal controls over financial reporting. 
            • SOC 2 confirms our commitment to securing client data through controls covering security, availability, processing integrity, confidentiality, and privacy. 

             

            What is the Encryption Method? 

            Data Encryption at OverseasConnect 

            At OverseasConnect, safeguarding your data is a top priority. Our platform, hosted on Microsoft Azure infrastructure, employs robust encryption methods to protect information both at rest and in transit—ensuring your data remains secure throughout its lifecycle. 

            Encryption at Rest 

            All OverseasConnect databases use Transparent Data Encryption (TDE), a native feature of Azure SQL. TDE is enabled across all environments to ensure that data is encrypted while stored, without requiring application changes. 

            We utilize 256-bit Advanced Encryption Standard (AES)—a widely trusted, industry-standard algorithm—to secure data at rest against unauthorized access. 

            Encryption in Transit 

            To protect data in motion, our web application uses HTTPS over Transport Layer Security (TLS) version 1.2. This ensures all communications between users and the platform are encrypted and authenticated, preserving data confidentiality and integrity during transmission. 


            What is Security Testing & Risk Management? 


            Penetration Testing and Vulnerability Management 

             

            Overseas Connect conducts annual third-party penetration testing to assess and strengthen the security of our platform and supporting infrastructure. These assessments are performed by independent security experts using industry-standard methodologies. 

             
            All critical and high-risk findings are addressed immediately upon discovery. Medium and low-risk vulnerabilities are tracked and resolved as part of our regular release cycles within the same calendar year. We document all findings and remediation steps to ensure full traceability and follow-through. Summary reports are available upon request under a non-disclosure agreement. 

            What is Backup Policy 

            All databases on Azure SQL server are Geo-redundant, replicating near-real-time data to Azure West Europe region from Azure North Europe.   

            The retention policy for PITR is 7 to 35 days for the database. The differential backup frequency is 24 hours for all databases. 

            These backups require no manual intervention and are automatically managed, monitored, and retained according to Azure’s high-availability and durability SLAs. 


            What are the Access Controls? 

            Access Management at OverseasConnect 

            At OverseasConnect, we prioritize secure, scalable, and role-aware access to your data. Our platform is built on Microsoft Azure infrastructure and combines modern authentication with robust internal authorization controls to ensure users access only the data they need. 

            Authentication with Auth0 

            All user login authentication is managed through Auth0, a secure and flexible identity platform that supports enterprise-grade protocols such as SAML and OpenID Connect. This centralized authentication system provides: 

            • Secure login experiences 
            • Multi-factor authentication (MFA) 
            • Federated identity and SSO options 

            Auth0 ensures consistent, secure access across environments while enforcing strong identity and access management policies. 

            Internal Authorization via Azure 

            After authentication, access within the application is governed by our Azure-based access control system, which includes: 

            • Role-Based Access Control (RBAC): Users are assigned roles that define what actions they can perform and what data they can access. 
            • Claims-Based Authorization: Additional permissions are refined using claims, enabling fine-grained control based on user attributes and context. 
            • Multi-Tenant Architecture: Our platform ensures strict separation of client data while allowing flexible access configurations per organization. 

            Security Tools Supporting Access Management 

            OverseasConnect’s access controls are reinforced by leading security tools: 

            • Microsoft Defender for Cloud identifies access misconfigurations and enforces security best practices. 
            • Microsoft Sentinel detects suspicious login behavior and access anomalies in real time. 
            • Cloudflare protects the authentication layer from external threats like DDoS and credential abuse. 
            • Wiz highlights identity risks, such as overly broad permissions or exposed credentials. 

            These tools work together to secure both the authentication process (via Auth0) and internal access policies (via Azure), ensuring strong, end-to-end protection 

            Client User Access 

            Client users are provisioned according to their organization’s defined structure. Each user is assigned only the access needed for their responsibilities, reducing the risk of unauthorized access. 

            Vistra User Access 

            Internal Vistra users and affiliates are granted access strictly based on their role in servicing the client. Permissions are aligned with contractual obligations to ensure confidentiality and compliance. 

            We also conduct ongoing access monitoring and regular reviews to ensure that user roles remain appropriate over time and that access is promptly adjusted as responsibilities change. 

             

            What are OverseasConnect Incident Response Plan? 

            Disaster Recovery at OverseasConnect 

            At OverseasConnect, we are committed to ensuring the continuity and security of your operations. Our comprehensive Disaster Recovery (DR) Plan is designed to minimize downtime and data loss in the event of an unplanned incident, enabling rapid restoration of services across both our Azure infrastructure and authentication systems. 

            Disaster Recovery Plan 

            Our DR Plan outlines well-defined procedures for recovering critical systems and data. Two key metrics guide our response: 

            • Recovery Time Objective (RTO): The maximum acceptable downtime for systems, applications, or networks. OverseasConnect’s RTO is 24 hours, ensuring prompt service restoration and minimal disruption to your global operations. 
            • Recovery Point Objective (RPO): The maximum acceptable period of data loss during an incident. OverseasConnect’s RPO is 1 hour, meaning we aim to limit potential data loss to no more than one hour's worth of activity. 


            The DR scope includes restoration of both our Azure-hosted platform and the Auth0-based authentication system, ensuring end-to-end service continuity. 


            We’re committed to maintaining your trust through transparency and robust security practices. If you have any questions or need further assistance, please raise a ticket, and our support team will respond as soon as possible. 


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0