Main Content
It’s one of our CORE values. We value it above all else. That’s why the security and integrity of our customers’ data are critically important to us here at Vena. In fact, we believe that a strong security program begins with the culture of our company. All of our employees are part of our culture of security. They understand that security and risk awareness are essential elements of our security framework. Our organization-wide commitment to security is why we employ best-of-breed technologies and stringent operational processes described on this page to help ensure that customer data is secure.
Vena has successfully completed SOC 1 & SOC 2 audits for our platform which were performed by Deloitte LLP. These examinations were conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA).
.png?width=300&name=AICPA-SOC_logo%20(1).png)
SOC 1
SOC 1 validates controls relevant to financial reporting and is available upon customer request.
SOC 2
SOC 2 assesses security controls against AICPA’s Trust Services Criteria (TSC) and is available upon customer request.
* SOC 1 and 2 Type II reports are available for the Vena on AWS environment. SOC 1 and 2 Type I reports are available for the Vena on Azure environment, with SOC 1 and 2 Type II reports expected to become available in spring 2025.
SOC 3
SOC 3 is a public report that summarizes security controls for public trust.
* The SOC 3 report for the Vena on AWS environment is available for download below. The SOC 3 report for the Vena on Azure environment will become available for download in spring 2025.
Vena is a Trusted Cloud Provider Member with the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. This strategic partnership aims to foster collaborative cybersecurity efforts, enhance data protection and promote a secure ecosystem—underscoring Vena’s unwavering commitment to safeguarding its customers’ data.
As a Trusted Cloud Provider with CSA, Vena reinforces its dedication to the security of its cloud-based corporate performance management software—which is trusted by leading organizations worldwide.
Our commitment to security is why we employ best-of-breed technologies and stringent operational processes to help ensure that customer data is safe at all times. Vena delivers Software as a Service (SaaS) with targeted security measures for all types of planning, budgeting, reporting and forecasting data sources. Vena maintains a number of procedures to comply with privacy (e.g. PIPEDA) and personal data protection (e.g. GDPR) obligations in the applicable jurisdictions. From a product standpoint, data handling standards are communicated to employees and Vena follows security by design principles to help ensure compliance with data protection requirements.
Vena’s security highlights include:
Vena operates only in AWS or Azure data centers that have been certified as ISO 27001 and PCI/DSS Service Provider Level 1. While AWS and Azure have data centers across the globe, Vena Hubs are hosted in Canada, United States or EU cloud regions. Customers can choose which Vena Hub region to leverage in order to meet data residency requirements and ensure optimal data transfer speed. Physical security measures such as biometric access controls, 24-hour guard force and video surveillance are used to ensure that no unauthorized access is permitted. For more information related to AWS’ or Azure’s security and compliance measures, please visit:
Nightly backups of customer data are performed and stored on the Amazon Simple Storage Service (S3) or Azure Blob Storage across multiple regions within the same geography to maintain data residency. At all times, current customer data is stored redundantly. In the event of a disaster recovery scenario, data is restored through snapshots.
Vena delivers Software as a Service (SaaS) with targeted security measures for all types of planning, budgeting, reporting and forecasting data sources. Vena invests in privacy and data protection compliance. Vena maintains a number of procedures to help secure our networks, hardware, applications, procured services and most importantly, our customers’ data. Our security framework and the supporting technical controls we operate are aligned to industry best practices to help ensure compliance with applicable data protection requirements. In addition, data handling standards are communicated to employees and Vena follows security by design principles to help ensure compliance with data protection requirements.
Vena has earned the TRUSTe Enterprise Privacy Certification, which demonstrates that we have met the requirements of the TRUSTe Enterprise Privacy & Data Governance Practices Certification Assessment Criteria.
This certification enables companies to demonstrate responsible data practices consistent with regulatory expectations and external standards for privacy accountability. By integrating these privacy standards into our organizational infrastructure, we demonstrate our dedication to safeguarding customer data while delivering innovative solutions to our customers. This certification is a key component of our broader commitment to trust, security and compliance. More information about our TRUSTe certification can be found here.
At Vena, we understand that end-to-end security is fundamental to our customers’ ability to entrust our services with their sensitive data. We remain committed to upholding a transparent security, privacy and data protection program that is efficient at scale and supports our customers’ ongoing needs.
At Vena, the security and integrity of our customers’ data are critically important. That’s why best-of-breed technologies and stringent operational processes are employed to ensure that customer data is secure. Data protection controls are continuously reviewed and updated as the security and regulatory landscape continues to change. Vena is committed to a transparent security program that is efficient at scale and supports our customers’ ongoing needs. For any further information, please contact us at: securityoffice@venacorp.com.