We use cookies to keep the site reliable, remember basic choices, and understand which pages are useful. You can accept, reject, or review the settings before continuing.
VAMGR maintains a multi-layered security architecture governing data confidentiality, access controls, payment processing, and incident response protocols. All measures are designed to meet the standards required under the Canada Business Corporations Act and applicable provincial privacy legislation.
Role-based permissions and mandatory two-factor authentication govern all internal systems. Access logs are retained for a minimum of 24 months and reviewed quarterly by the compliance officer.
All client data in transit and at rest is encrypted using AES-256. Encryption keys are managed through a hardware security module with separation of duties enforced by policy.
Payment processing is conducted through PCI DSS-compliant gateways. No full payment card numbers are stored within VAMGR systems. Tokenization is applied to all recurring transactions.
A documented incident response plan is activated within one hour of detection. Notification to affected parties and regulatory bodies follows the timelines prescribed by the Office of the Privacy Commissioner of Canada.