Schedule Meeting

a

Consulting Policy

This page contains information about how we will work together, and which guarantees Vettabase will offer to your organisation.

Non-disclosure agreement

Information about your infrastructure and your business will never be used or disclosed without your permission.

We are available to sign a non-disclosure agreement (NDA) before beginning the consulting work.

Credentials to your systems

We will use a virtual private network (VPN) if required. However, it is important that an adequate client exists for both Linux and macOS.

Access to your systems will happen via ssh, with key-based authentication. We will send you the public key(s) we use.

We will not share out keys via keyrings, because keyrings do not provide a way to guarantee the key owner’s identity.

If one of our keys is compromised, we will send you a key revocation certificate where possible.

If further passwords or credentials need to be communicated, they can be placed on the server that we will be able to access via ssh. The file will be deleted from the server as soon as we get the information. In this way, no passwords need to be sent directly to us, in any form.

It is highly recommended that we use a jumphost under your control. It will be the only server that we will directly access. We will then access other servers and services from the jumphost.

Sharing sensitive information

On our side, your secrets and sensitive information will be protected in the following ways:

  • No sensitive information will be stored in a clear form or sent over a network in an unprotected way;
  • No sensitive information will be left on a device usable by other persons without the necessary protections (for example, they will not be in a laptop without password on a Starbucks table);
  • In case a device containing your sensitive information is stolen, or in case your data is stolen in any other way, you will be immediately alerted.

Communications

Normal communications will happen via:

  • emails;
  • a Slack channel;
  • Skype, Zoom or Telegram.

No secrets or other sensitive information will be communicated using these channels without a form of end to end cryptography.

Your information on our systems

We use tools to organise the projects we perform for our customers and to communicate with out customers. For examples, we share a wiki and a project management tool with out customers.

We take the following security measures to protect all information contained in our tools:

  • Tools are hosted on our systems hosted by AWS: you don’t have to trust any other third party;
  • 2 Factors Authentication is required for all users;
  • Secure HTTPS connections are required to use our tools;
  • All relevant disks are encrypted;
  • Backups are encrypted;
  • User permissions are granted in a granular way. No customer can access any information about any other customer.

Questions

In case of further doubts or questions, please contact us.