Viewpoint Security FAQs

For any SOC and/or ISO 27001 related report requests as well as detailed security controls, please visit the Trimble Trust Portal.

What are your infrastructure and security controls?

We have a number of internal standards, policies and procedures to enhance the security of our customers’ data and to help ensure we comply with relevant legislation. There is a separation of duties and clear responsibilities across Viewpoint teams which include:

• Information Security Officer: responsible for corporate-wide information security policies and controls
• Privacy and Legal Team: responsible for legal aspects of data security and data privacy requests
• Security Teams cross-functional team that convenes regularly and is responsible for threat analysis, risk assessments, security monitoring and incident response
• Cloud Operations Team: responsible for hosting infrastructure in compliance with required security controls and best practices as well as penetration test remediation as needed

What is your technology stack?

Our hosting partners are Amazon Web Services (AWS), Microsoft Azure and Evolution Systems (in Australia). We also leverage third party security tools to ensure defense in depth for data integrity.

Does your software meet any third party security standards?

Viewpoint regularly validates internal security control standards using industry benchmarks. We believe independent third party assessments give our customers added confidence. In addition, we also verify that our partners and suppliers meet relevant recognised standards.

We have standards in place that meet SOC certification requirements. These requirements are part of the American Institute of CPAs (AICPA), the world’s largest association for accounting professionals.

These certifications can be viewed and downloaded in the Trimble Trust Portal.

How are systems monitored to ensure they are available and operating as expected?

Viewpoint has an established Secure Software Development Life Cycle policy which provides defense in depth against security threats and we leverage several industry standard tools to monitor our SaaS platforms and environments. We use vulnerability scanning, third party component analysis, intrusion detection, static and dynamic source code analysis and more to maintain security baselines.

How would a client be notified when a system outage occurs? What methods are available for communicating system status?

The Viewpoint product infrastructure is continuously monitored to ensure the highest level of availability and performance. Information will be maintained at https://status.viewpoint.com/ in the event of an interruption or degradation of service.

If you suspect a problem with system availability, please check the status page before logging a support case; in all likelihood, we are already aware of the issue, and are working to resolve it.

Customers can subscribe to updates. Viewpoint aims to notify customers of any material or significant security incidents that affect their data or their use of Viewpoint products and services as soon as possible.

What are your information security policies and procedures?

As part of our Written Information Security Program, we have a number of internal teams and organisational policies and processes to enhance the security of our customers’ data applicable to regulatory compliance standards. Viewpoint’s Information Security Office collaborates with our Legal team on a regular basis to ensure alignment with current privacy and regulatory requirements. We also maintain and follow a comprehensive set of information security policies, procedures and standards.