Risk Assessments, Program Management, and Policy
In accordance with the ISO 27001 standard, VMware Cloud services management maintains a strategic business plan that includes risk identification and the implementation of controls to mitigate or manage risks. Risk assessments are performed annually to ensure that appropriate controls exist to reduce the risks to the confidentiality, integrity, and availability of sensitive information. VMware Cloud services management reevaluates the strategic business plan biannually. This evaluation helps management identify risks within its areas of responsibility and implement appropriate measures designed to mitigate those risks. The information security and compliance teams, together with management, ensure that the security policies are compliant.
VMware Business Conduct Guidelines and security awareness training are mandatory for new employees. Existing employees complete this training annually.
VMware provides security policies and security training to employees to educate them about their roles and responsibilities concerning information security. VMware takes appropriate disciplinary action against employees who violate VMware standards or protocols.
Applicable security provisions are added to supplier agreements so that providers are contractually obligated to maintain appropriate security controls.
The VMware audit and assessment program ensures that third-party auditors review the policies against industry standards, including ISO 27001. VMware furnishes audit reports under an NDA.
VMware has documented security baselines to guide personnel on the appropriate configurations for protecting sensitive information. Baseline configurations for all software and hardware installed in the production environment are also documented and updated regularly. A defined change management policy governs any changes to these configurations, and baseline configurations are securely recorded. VMware notifies customers when changes are made to the service.