Security Statement

Last updated: January 24, 2026

1. Introduction and Scope

Vertex Digital Systems LLC (“Vertex,” “we,” “us,” or “our”) operates the website vertexdigitalsystems.net and provides managed IT support, cloud infrastructure, cybersecurity, and related services. This Security Statement describes our approach to protecting the confidentiality, integrity, and availability of our systems and of the data we process on behalf of our clients and visitors. It is intended to provide a high-level overview of our security practices and is not a guarantee of a particular security outcome. Security is managed through a combination of administrative, technical, and physical controls that we review and update as our services and risk environment evolve.

2. Governance and Risk Management

We maintain internal policies and procedures that define roles, responsibilities, and expectations for security across our operations. Our approach includes:

• Assigning responsibility for security oversight and for the implementation of controls.
• Identifying and assessing risks to our systems and data, and implementing controls to mitigate those risks to a level we consider acceptable.
• Reviewing and updating our security practices periodically and in response to significant changes in our services, technology, or threat landscape.

We do not claim to comply with any particular certification or framework unless we have explicitly agreed to do so in a contract. We align our practices with industry norms for a business of our size and scope.

3. Access Control and Identity Management

We implement access controls designed to ensure that only authorized personnel and systems can access our infrastructure and client data. Our approach includes:

3.1 Principle of Least Privilege

Access to systems and data is granted on a need-to-know and need-to-use basis. We review access rights periodically and revoke access when it is no longer required (e.g. upon role change or termination).

3.2 Authentication and Credential Management

We use strong authentication where feasible, including multi-factor authentication for access to sensitive systems. Passwords and other credentials are managed in accordance with our internal policies (e.g. complexity requirements, storage, and rotation where appropriate). We do not share credentials unnecessarily and we require our personnel to protect them.

3.3 Third-Party and Client Access

Where we grant clients or third parties access to our systems or data, we do so in a controlled manner and in accordance with the terms of the relevant agreement. We expect clients to protect their own credentials and to notify us promptly of any suspected compromise.

4. Data Protection

We protect data in accordance with its sensitivity and the context in which it is processed. Our approach includes:

• Classifying data where appropriate and applying controls (e.g. encryption, access restrictions) based on classification and risk.
• Using encryption in transit (e.g. TLS) for data transmitted over networks, and encryption at rest where we deem it appropriate for the type of data and the environment.
• Retaining data only for as long as necessary for the purposes for which it was collected or as required by law, and securely disposing of data when it is no longer needed.

Payment card data is processed by our payment service providers (e.g. Stripe) in accordance with their respective security and compliance practices. We do not store full payment card data on our systems beyond what is necessary for billing and support in accordance with our agreements and applicable standards.

5. Infrastructure and Network Security

We use infrastructure and network controls designed to protect our systems from unauthorized access and from common threats. Our approach includes:

• Hosting our website and systems in environments that we or our providers maintain with appropriate physical and logical security.
• Using firewalls, network segmentation, and related controls to limit exposure and to control traffic to and from our systems.
• Applying security updates and patches to our systems in a timely manner, and managing vulnerabilities in accordance with our internal procedures.

We may use third-party service providers for hosting, email, analytics, or other functions. We select providers with care and require contractual commitments where appropriate, but we do not control their infrastructure and are not responsible for their security practices beyond what we have agreed in contract.

6. Monitoring, Logging, and Incident Response

We monitor our systems and maintain logs where appropriate to support security operations, troubleshooting, and incident response. Our approach includes:

6.1 Logging

We retain logs for a period that we consider sufficient for security and operational purposes. Logs may include access events, configuration changes, and other activity relevant to security. We protect logs from unauthorized access and alteration.

6.2 Incident Response

We have procedures to detect, assess, and respond to security incidents. When we become aware of an incident that we believe affects the security of client or personal data, we will investigate and take steps to contain and remediate. We will notify affected parties and regulators where required by law or by our contractual commitments. We do not guarantee a particular timeline for notification; we will act in good faith and in accordance with our agreements and applicable law.

6.3 Reporting Security Concerns

If you become aware of a security vulnerability or incident involving our systems or data, please report it to us promptly using the contact details below. We will investigate and respond in accordance with our internal procedures. We do not sanction retaliation against individuals who report concerns in good faith.

7. Personnel and Vendor Security

We expect our personnel and, where applicable, our vendors to adhere to our security policies and to handle data responsibly. Our approach includes:

• Providing security awareness and training to personnel as we deem appropriate.
• Using confidentiality and related commitments where appropriate for personnel and contractors.
• Evaluating third-party providers for security and compliance before engaging them for services that involve access to our or our clients’ data, and requiring contractual safeguards where appropriate.

We do not disclose the details of our personnel screening or training programs publicly; we describe our approach at a high level for the purpose of this statement.

8. Limitations and Updates

No set of security measures can guarantee absolute security. We strive to protect our systems and data in line with the nature of our business and the risks we have identified, but we cannot eliminate all risk. This statement is a high-level overview and may change over time. We may update it to reflect changes in our practices, technology, or legal requirements. We will post the revised statement on this page and update the “Last updated” date where applicable. For specific security or compliance requirements, please contact us to discuss your needs.

9. Contact & Security Inquiries

For security-related questions, to report a vulnerability or incident, or to request information about our security practices in connection with a procurement or audit, please contact us using the details below. We will respond in accordance with our internal procedures and any contractual obligations.

We aim to respond to security inquiries and reports within a reasonable timeframe. For vulnerability or incident reports, please include sufficient detail (e.g. nature of the issue, affected system or URL) so we can investigate and respond effectively. We do not disclose the details of our response publicly without consent or where required by law.