Risk assessment is a systematic process used to identify, evaluate, and prioritize risks that could potentially impact an organization's operations, assets, or individuals. It involves analyzing the likelihood and potential impact of various risk scenarios, including threats to physical and digital assets, compliance with regulations, and overall business continuity.

At View, we take the security of our clients' information very seriously. Our commitment to safeguarding sensitive data is demonstrated through our ISO/IEC 27001:2022 certification, an internationally recognized standard for information security management.

The ISO 27001 certification process involved rigorous independent audits to ensure our ISMS meets the stringent requirements of the standard. This certification assures our clients and partners that we have implemented best practices in information security and are committed to maintaining these high standards.

You can check our ISO 27001 2022 certificate from the compliance section. To view the full report please contact us.

A SOC 2 Type 2 report is a detailed document that provides an independent assessment of a service organization’s controls related to security, availability, processing integrity, confidentiality, and privacy. This report is crucial for ensuring that the organization’s operations meet rigorous standards for protecting sensitive information and maintaining operational effectiveness.

We are currently in the process of renewing our SOC 2 Type 2 certification to ensure continued compliance with the highest standards of data security. You can check our previous year SOC 2 TYPE 2 report from Compliance section.

At View, we understand the importance of responsible data management, which includes clear and comprehensive Data Retention Policies. These policies define how long different types of data are retained and the methods used for secure disposal when data is no longer needed.

Ensuring the continuity and availability of data is fundamental to

View's commitment to safeguarding our customers' information. Our Data Backup and Recovery section outlines robust strategies and procedures designed to protect against data loss and facilitate rapid recovery in the event of an incident.

At View Inc., safeguarding our customers' data is paramount. Our Data Classification and Handling protocols ensure that all data is managed securely and in compliance with relevant regulations and industry standards.

Data encryption is a fundamental pillar of our security strategy, ensuring that your sensitive information is protected against unauthorized access and breaches. We employ advanced encryption protocols to safeguard data both at rest and in transit, providing you with the highest level of security.

Encryption at Rest

Encryption at rest protects your stored data, whether it's on disk, in databases, or in other storage mediums. We use robust encryption algorithms, such as AES-256, to secure data at rest. This means that even if physical access to the storage devices is obtained, the data remains inaccessible without the proper decryption keys.

Encryption in Transit

Encryption in transit protects your data as it moves between your devices and our servers, or between different services within our infrastructure. We use Transport Layer Security (TLS) protocols to encrypt data during transmission, preventing interception and eavesdropping.

At View, ensuring the security and resilience of our applications is fundamental to maintaining the trust of our customers and stakeholders. Our Application Penetration Testing section outlines our rigorous approach to testing and securing our applications against potential vulnerabilities and threats.

At View, we recognize the importance of ensuring the security and integrity of third-party components used in our products and services. This section outlines our approach to managing and securing third-party components to maintain the trust and confidence of our customers and partners.

• Security Practices: We review the vendor's security policies, practices, and certifications to ensure they meet our stringent standards.
• Risk Management: We assess the potential risks associated with integrating the component, considering factors such as data exposure, vulnerability management, and compliance.

Contractual Agreements

We establish clear contractual agreements with third-party vendors to outline expectations regarding security, confidentiality, data handling, and compliance. For more information, click on the button below.

Ensuring the integrity and security of our software is fundamental to View. Our Secure Coding Practices section outlines our commitment to developing robust, resilient, and secure software applications. By adhering to industry best practices and guidelines, we mitigate risks associated with vulnerabilities and threats that could compromise our systems or data.

Welcome to View! View, Inc., directly and through its subsidiaries (collectively “View”), provides advanced technology solutions to transform real estate operations and experiences from our base of operations in Milpitas, California in the United States. When you interact with us, regardless of your location, such as by visiting our websites, using our applications, engaging in marketing activities, enjoying our software platform, using our sensing products, deploying our solutions, and using any related services (collectively, “Products and Services”), you understand and agree that these Terms of Use (“Terms”) will apply and control.

Safeguarding customer privacy is a core commitment of View.

For more information, you can visit our privacy policy.

We have a strong internal password policy that includes a requirement for MFA for accounts that do not support SSO.

At View, we prioritize the security and integrity of our systems and data through robust Role-Based Access Control (RBAC) mechanisms. RBAC is a fundamental component of our trust framework, designed to manage and enforce access permissions based on the roles and responsibilities of individual users within our organization.

Key Principles of RBAC

• Granularity: Access permissions are defined at a granular level, ensuring that each user has precisely the access privileges necessary to perform their job functions effectively.
• Roles and Responsibilities: Users are assigned roles based on their job functions and responsibilities within the organization. Each role is associated with a specific set of permissions that dictate what actions the user can perform and what data they can access.
• Least Privilege: RBAC adheres to the principle of least privilege, which means that users are granted the minimum permissions necessary to accomplish their tasks. This minimizes the risk of unauthorized access or accidental data exposure.
• Scalability: RBAC scales effectively with our organization's growth and evolving operational needs. As new roles are created or existing ones modified, access permissions can be adjusted easily and efficiently.

User Access Management is a critical component of our commitment to safeguarding data integrity and maintaining confidentiality at View. This section outlines our comprehensive approach to managing user access to systems and data, ensuring only authorized individuals have appropriate levels of access.

Configuration and Change Management are critical practices in IT and cybersecurity that ensure systems remain secure and stable. Configuration Management involves documenting and maintaining system configurations to ensure consistency and compliance with organizational policies. Change Management, on the other hand, controls the introduction of changes to IT systems, minimizing risks and disruptions by evaluating, testing, and monitoring changes carefully. Together, they help maintain system integrity, reduce downtime, and ensure alignment with security standards and business objectives.

Network segmentation is a critical component of our cybersecurity strategy at View. It involves dividing our network into smaller, isolated segments to enhance security and control access to sensitive resources. This section outlines our approach to network segmentation and the measures we implement to safeguard data and systems.

Network segmentation serves several essential purposes:\

• Security Isolation: By segmenting our network, we limit the scope of potential security breaches. Even if one segment is compromised, others remain protected, reducing the overall impact of an incident.
• Access Control: Segmentation allows us to enforce strict access controls based on the principle of least privilege. Each segment is configured to allow only authorized users and devices to access specific resources, minimizing the risk of unauthorized access.
• Performance Optimization: Segmentation helps optimize network performance by reducing congestion and improving data flow efficiency within each segment. This ensures that critical applications and services operate smoothly without interference from non-essential traffic.

Our infrastructure is designed with scalability, resilience, and security in mind. Key components include:

• Cloud Infrastructure: We leverage leading cloud provider (AWS) to host our services, ensuring high availability and global reach. Our architecture is designed to take advantage of cloud-native features such as auto-scaling and geo-redundancy.
• Networking: Secure and reliable networking protocols and configurations are implemented to protect data in transit and ensure optimal performance.
• Encryption: Data at rest and in transit is encrypted using industry-standard algorithms to prevent unauthorized access and maintain confidentiality.
• Access Controls: Strict access controls and authentication mechanisms ensure that only authorized personnel can manage and access our infrastructure resources.
• Continuous Monitoring: Real-time monitoring and logging allow us to detect and respond to security incidents promptly.