Cybersecurity
Our commitment to building secure software
At DbVis Software, we prioritize Security in every aspect of our operations, including the software we build, the systems and data we use, and the people we employ. This page serves as a guide to our security efforts, outlining key security practices with links to essential documents. For detailed data management information, please see our Privacy Policy.
Our software and security commitment
DbVisualizer is a client-based software designed for installation and operation on personal desktops, laptops, or other environments that you control. It functions entirely within your own infrastructure, protected by your firewalls. Unlike e.g. cloud services.
We ensure a safe development environment with proper fortifications and adhere strictly to a thoughtfully engineered Software Development Lifecycle (SDLC). Our team is comprised of hand-picked and expertly trained professionals, all of whom undergo regular information security training sessions.
DbVis Software does not handle your data
As DbVisualizer is a client-based software operating within your infrastructure, DbVis Software does not engage in data storage, processing, or access. Consequently, vulnerabilities typically associated with cloud-based services are not a concern with our product. Your data remains exclusively under your control.
Compliance with Industry Frameworks
Our approach to Information Security is designed to align with globally recognized frameworks, including NIST and ISO 27001 standards. For an in-depth understanding, we invite you to review our Information Security Policy, which is available upon request.
Data Privacy Assurance
While DbVisualizer facilitates database management, it does not grant us access to your data. We maintain a strict boundary, ensuring your data's privacy and security remain uncompromised. However, DbVisualizer has three methods of communicating back to our servers, all of which can be managed (including turned off or ignored) by users and administrators:
- The Check for Update function is used to see if a new version of DbVisualizer is available to download, including critical bug fix releases and new feature releases. This function is active by default.
- Anonymous usage data is collected to help us build better software. Individual users can not be identified. The function only gathers data about application usage, no user data is gathered. This function requires explicit approval from the user before activated.
- A user chooses to Contact Support through an in-app help menu. The user can choose to share logs, screenshots, etc for troubleshooting purposes. Before submitting the request, users are presented with the exact information that will be shared. Once confirmed, the request will be submitted.
Data in transit is encrypted. We continuously adapt to evolving cryptographic techniques.
How to report a security incident
If you identify or suspect a security incident, please report it to security@dbvis.com. Our incident plan is regularly tested to ensure readiness for security breaches.
How to keep DbVisualizer up to date
Please use the in-app Check for Update function found in the help menu (optional automatic function). To keep your database drivers up to date, please use the driver manager found in the tools menu.
How to report a bug
There are three alternatives for reporting issues:
- Using Help -> Contact Support in the DbVisualizer application (Recommended)
- Using the web form at https://www.dbvis.com/company/contact/
- Using the forums and knowledge base at http://support.dbvis.com
Our developers will then determine if the issue is indeed caused by a bug in our software, and if so remediate it.
Bug fixes
We take great pride in the quality of our software, but bugs nevertheless do appear from time to time. When needed, we issue point releases with bug fixes. We strongly recommend customers to install updates promptly when available.
Third-party penetration tests
Penetration tests are performed periodically. The results are private and not available to the general public but a Letter of Attestation from our third-party provider can be made available to select customers upon request.
Software Development Life Cycle (SDLC)
Security is integrated into our development process, with regular reviews for continuous improvement. An overview of the SDLC can be shared upon request.
Personnel Security
DbVis Software requires all employees to adhere to our guidelines on confidentiality, ethics, and professionalism. Security training is provided on a regular basis, and is mandatory for all employees.
Authentication and authorization
We implement MFA across our systems, adding an extra layer of security for accessing information and systems.
Information Security
Our Information Security policy is regularly updated, directing employee behavior and system usage. Access to DbVis Software's systems requires user acknowledgment of these rules, which we regularly update.
Privacy
DbVis Software complies with GDPR, the European privacy legislation. As for personal information, we only collect basic contact information (names, email addresses) for license management, accounting, and support.
Organizational Security
Our team, trained in global security standards, manages our information security. We always strive to align with the NIST Cybersecurity Framework and ISO/IEC 27001, ensuring comprehensive protection against risks.
Personnel Security
We require all employees to adhere to our guidelines on confidentiality, ethics, and professionalism. Mandatory security training is provided for all new hires.
Access Control
Access to systems and data is controlled, ensuring employees only have access to the information necessary for their role.
Supplier and Vendor Relationships
We conduct risk assessments of all relevant vendors and partners to ensure they meet our high standards for data protection and security.
Security Operations
Operational security is crucial at DbVis Software. This section outlines our key measures, ensuring the integrity and safety of our systems and client data. These practices encompass network security, data protection, and rigorous system management, reflecting our commitment to robust and effective cybersecurity.
Asset Management
Company assets are secured and staff are trained in their proper handling and security.
Physical and Environmental Security
The data centers we use are equipped with robust security measures and sustainable practices, and meet industry standards, including SOC 2 Type II and ISO/IEC 27001:2013.
Auditing and Logging
System access and changes are monitored and logged.
Antivirus and Malware Protection
We use advanced, regularly updated antivirus solutions.
Business Continuity and Disaster Recovery
Regular data backups are performed.
Network Security
Our network is secured with firewalls and segregation between development and production environments.
Data Protection
Data in transit is encrypted.
Vulnerability and Patch Management
We conduct regular security assessments and penetration tests
Incident Management
We have a comprehensive incident response plan in place, which is regularly tested and updated to ensure rapid and effective action in the event of a security breach.
Additional documentation, available on request to qualified customers:
- DbVis Cybersecurity Policy – Executive Summary
- DbVis SDLC Security Policy (Software Development Lifecycle)
- Letter of Attestation (Penetration Test performed by Third Party)
- DbVisualizer Software Bill Of Materials (SBOM)
- DbVis Software Privacy Policy.
To request a document, please contact info@dbvis.com
Information Security Management System
In addition, DbVis Software maintains an ISMS (Information Security Management System) with all documents, events and test results. This is company private, but the information can be made available for supervised review under NDA to Enterprise customers performing a Security Assessment of DbVisualizer and DbVis Software.