Vistra’s entity management platform is a one-of-a-kind, cloud-based solution that enables our client to seamlessly incorporate and manage entities online. By blending cutting-edge technology with our extensive corporate service expertise, our platform transforms the traditionally slow and complex processes of entity creation and management into a simple, fast, and efficient experience.

In my previous article, I mentioned that managing cyber risk goes hand-in-hand with supporting our clients on their value-creation journeys. This belief drives us to design secure products that foster a collaborative environment between our information security and product teams, ensuring that security is embedded in every aspect of the products we produce. Inspired by successful platforms like Uber and Amazon, Alan Schmoll, Product Head for the Global Entity Platform, emphasised in a prior article that our vision for this entity platform is to simplify user experiences and provide valuable insights, while reducing the frustration of managing information from multiple sources.

To achieve our vision, we have developed and implemented a comprehensive information security and business resilience framework that follows industry best practices. This includes adherence to ISO/IEC 27001:2013 for Information Security Management Systems (ISMS), IT Infrastructure Library (ITIL) for IT Service Management, and ISO22301:2012 for Business Continuity Management Systems (BCMS). You can learn more about our commitment to safeguarding information related to our clients and our team here. These principles are integrated into our secure product development framework, with key elements outlined in detailed in the Trust Centre. By establishing these robust protocols, we ensure that every measure is taken to safeguard and protect our clients’ data, providing them with the highest level of security and confidence.

As we navigate this rapidly evolving landscape, we know that questions surrounding Generative AI are a key concern for our clients. To address them, we’ve established agile security reviews to effectively manage emerging risks. These reviews focus on identifying both internal and external vulnerabilities associated with developing and security of Generative AI and large language model (LLM) applications throughout their entire lifecycle, in alignment with the OWASP TOP 10 for LLMs. Additionally, we continue to adopt the MITRE ATLAS matrix, which focuses on the security of AI systems, to enhance our detection capabilities and stay ahead of potential threats. 

Through these proactive measures, we aim to provide our clients with the confidence they need to embrace the benefits of Generative AI while minimising associated risks. Here are some of our clients’ key questions answered:

Q. How can we ensure that the data (both managed and non-managed) consumed by AI is used solely within the organisation and not made publicly available or shared with Vistra for non-managed entities?

A. All customer data is securely stored within Vistra’s cloud infrastructure. Data used for LLM training is anonymised to protect user identities and legal entities, ensuring confidentiality. We utilise retrieval-augmented generation (RAG) to enhance AI-generated responses with relevant client information, ensuring that only authorised data is presented and effectively maintaining data security. Clients also have the option to request disabling AI features for their specific instances, giving them greater control.

Q. If a client chooses to leave Vistra, can they export their data and remove all instances from our servers, including any AI variations that used their data?

A. If a client chooses to end their partnership with Vistra, they can request to export and delete their data. Our commitment to data security means that all AI training datasets are anonymised before use, ensuring no identifiable information is retained, thereby safeguarding client privacy.

Q. Does Vistra have access to non-Vistra managed entities if they upload that information onto the platform?

A. We are committed to empowering our customers to manage all their entities online, including those not managed by Vistra. Like any Software as a Service (SaaS) product, our platform is built and managed by us, with all entity data securely stored within our infrastructure. Our product and technical teams have access strictly for support and enhancement purposes. Importantly, frontline Vistra employees do not have access to data related to non-Vistra managed entities, ensuring robust privacy and security for our clients.

Conclusion:

In summary, Vistra’s entity management platform is designed to streamline entity management while prioritising security and client privacy at every level. We are dedicated to continuously enhancing our platform to meet the evolving needs of our clients while safeguarding their valuable data. By partnering with Vistra, clients can leverage today’s advancements in AI with the peace of mind that their data is effectively managed and thoroughly protected.