your secure software partner

Upon employment, all Wialon team members are required to read our information security policies and requirements and comply with them. At least once a year, internal training on information security and privacy is conducted for the whole team. Specialized, in-depth training is also provided for roles with enhanced access to data, such as top management and software development positions.

Wialon defined roles and responsibilities with limited access to resources and assets. This ensures that any conflicting roles are segregated to maximize process objectivity and effectiveness. Granting access to the company’s resources and assets is based on “Everything is generally forbidden unless expressly permitted.” We determine access rights based on the least privilege principle, as well as the Need-to-know and Need-to-use approaches.

To enhance security while working remotely, we employ such measures and tools as VPN, personal SSL certificates, anti-virus software, strong passwords, clean desk and clean screen policies, automatic computer locking during inactivity, and adhering to rules for using information responsibly.

In our offices, spaces are segmented into distinct zones based on job duties, and access to these areas is controlled through the use of ID badges. Additionally, access to company equipment is strictly regulated, and protective measures are in place to shield against external impacts on this equipment.

All of the information that you share with Wialon is protected. Information confidentiality is upheld through different technical and organizational measures, coupled with a mandatory requirement for employees and third parties to sign NDAs. We also incorporated GDPR standards into our data practices. To ensure we handle personal information safely and responsibly, we regularly conduct security checks in Wialon, following global standards.

Wialon has a dedicated policy and continuity plan outlining the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for key ICT services. Asset owners, in line with this plan, have developed disaster recovery plans, which undergo periodic testing and updating as needed. Wialon uses Tier 3 data centers, which play a crucial role in ensuring seamless operations and service provision. Also, at least once a year, a third-party pentest is conducted. Please contact Wialon technical support if you need the pentest confirmation.

Our team applies advanced approaches to software development. We monitor the landscape of various vulnerabilities and undergo security audits by certified third-party firms at least once a year. We prioritize product quality, consistently refine testing processes, and integrate information security and privacy measures at every stage of the product life cycle.

The main goal of incident management is to restore normal business operations following emergencies swiftly. To do this, Wialon defined roles, information channels, and procedures for incident classification, response, consequence elimination, and recurrence prevention. 

We identify risks to assets based on a specific threat presence and its related vulnerability. Following the risk assessment, we devise management strategies and propose mitigation measures for significant risks, which may involve enhancing current processes or introducing new ones in response to identified opportunities.

We use a combination of expert analysis and advanced tools (like Zabbix and status.wialon.com) to monitor events, detect system abnormalities, and prevent threats. Asset owners define the monitoring scope, frequency, and record storage, and they manage logging and alerts to ensure regular monitoring and response.