At Vuelio, part of the Pulsar Group, we take a holistic and proactive stance on cybersecurity, integrating these principles into our comprehensive Information Security Management System (ISMS). Our ISMS safeguards information offline and online, consistently achieving and maintaining ISO 27001 certification. This international standard demonstrates our unwavering commitment to applying the most rigorous risk management models to protect data for both Pulsar Group and our valued clients.
Our ISMS encompasses:
Asset Management: We maintain a comprehensive inventory of all assets, with dedicated owners ensuring their confidentiality, integrity, and availability. All company laptops are secured with hard drive encryption, user lockout policies, strong password rules, Endpoint Detection & Response (EDR) software, anti-virus, VPN, and disabled removable media, and standard users are restricted from installing software. URL and email scanning, along with regular patching, further strengthen our device security.
Supplier Management: We meticulously review new suppliers to ensure their security and privacy postures align with Pulsar Group's Information Security Policy, conducting annual reviews post-onboarding.
Access Control: We adhere to the principle of least privilege, providing users with only the minimum access required for their roles. Our Vuelio product includes standard password complexity rules, and clients can enhance their security further by enabling:
Workforce Commitment: Every member of the Pulsar Group team is dedicated to the security and privacy of information. All colleagues understand their responsibilities, are bound by confidentiality agreements, and participate in ongoing training programmes covering topics like phishing detection, secure remote working, GDPR compliance, and incident reporting.
Physical Security: Our London-based offices benefit from robust physical security measures, including CCTV, 24-hour security guards, secure lifts, an occupied reception desk for visitor sign-in and lanyards, and staff access card systems.
Network Security: All data transferred to Vuelio is encrypted with TLS 1.2 or higher, and client data stored within Vuelio is encrypted with AES-256.
Product Development: Our engineers are trained in common vulnerabilities (e.g., XSS, SQL injection) and regularly consult the OWASP Top 10 and guidance from NCSC and other security experts. All source code changes undergo multi-stage peer review by developers and product managers before deployment.
Vulnerability Management: Our online products undergo regular vulnerability scans and annual penetration tests. Findings are categorised by severity and swiftly mitigated within agreed timeframes (e.g., critical vulnerabilities within 14 days).
Patch Management: We maintain a rigorous patch management process, ensuring all devices are updated with the latest security patches from vendors and the wider tech community. Obsolete devices no longer receiving security updates are promptly replaced.
Backups: We implement robust backup strategies for products and critical business data, with regular restoration testing. Backups are stored on separate, immutable, encrypted systems with privileged, MFA-protected access, safeguarding them from ransomware. Vuelio maintains point-in-time backups for 7 days, weekly backups for a month, replicated to an alternative Azure UK-West region and retained for 30 days.
Logs and Monitoring: We utilise third-party tools for enhanced monitoring, and cloud hosting provides built-in monitoring for access and changes.
Business Resilience: In the event of a suspected or actual security incident, our Incident Response Team is immediately alerted. We maintain comprehensive documentation for incident management, disaster recovery, and business continuity, with plans tested annually. Clients receive incident notifications via email within 24 hours, followed by a full report within 5 days.
Further Reading
For more detailed information, please refer to our dedicated help pages: