
Valenta IT & Cybersecurity FAQ Guide

 

A simplified, non-technical reference for internal members

Section 1: Security Governance

Q1.1 Who oversees cybersecurity at Valenta?

Valenta's designated IT Security lead is responsible for overseeing all cybersecurity operations and governance. This role ensures compliance with security best practices, legal requirements, and client standards.

Q1.2 Do we have clear IT security policies?

Yes. Valenta maintains an Information Security Management System (ISMS), which is a structured set of policies and procedures designed to manage sensitive data securely. All relevant personnel have access to these policies.

Q1.3 How do we ensure these policies are followed?

We perform regular audits, security awareness training, compliance checks, and assessments. Any policy violations are handled through our incident response and corrective action processes.

Q1.4 Do we use services like Microsoft Azure?

We use Azure cloud infrastructure. It is integrated under strict compliance frameworks, and we ensure any subcontracted services follow contractual security requirements.

Q1.5 Do we have qualified people managing security?

Yes. Our IT security staff hold experience in managing, auditing, and implementing security frameworks.

Q1.6 How does Valenta’s IT organization support multiple service lines?

The IT team works closely with each business unit (e.g., Intelligent Automation, Managed Services, HR, Staff Augmentation, Data & Integration Marketing, Finance, Security) to ensure platform-specific requirements are addressed securely and consistently.

Q1.7 How do we handle client-specific security requirements?

We customize our approach as per client expectations, including data residency, access management, and encryption policies. This is reviewed during onboarding and captured in project documentation.

Q1.8 What internal tools are used by the IT team to manage service delivery?

We utilize HubSpot and ManageEngine ServiceDesk Plus for ticketing and service tracking, 1Password for credential management, and custom internal trackers for access control logs, VM inventory, and patching schedules.

Q1.9 What is the escalation matrix within Valenta IT?

The escalation follows a tiered path:

  • Tier 1: IT Support (day-to-day issues, initial troubleshooting)
  • Tier 2: Senior IT Admin
  • Tier 3: Head of IT

 

Section 2: Compliance Standards & Frameworks

Q2.1 What certifications does Valenta follow?

  • ISO 27001:2022 (Information Security Management)
  • ISO 27701:2019 (Privacy Management)
  • ISO 9001:2015 (Quality Management)
  • ISO 22301:2019 (Business Continuity Management System)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • GDPR (General Data Protection Regulation)

Q2.2 What about UiPath's certifications?

UiPath, our automation platform partner, is certified in:

  • ISO/IEC 27001, 27017, 27018
  • ISO 9001
  • SOC 2 Type 2
  • HITRUST
  • Cyber Essentials Plus
  • NHS Data Security Toolkit (UK)

Q2.3 How do we stay updated on compliance?

We conduct annual reviews, employee training, system assessments, and collaborate with clients on regulatory changes. Updates are communicated to internal teams.

Q2.4 Who ensures we meet client-specific compliance needs?

The IT and legal/compliance teams work together during onboarding and review stages to ensure contracts, controls, and practices align with client expectations.

Q2.5 Are Valenta’s internal tools and platforms audited?

Yes. Periodic audits are conducted to ensure our ticketing, credential, and VM environments comply with internal policies and external requirements.

Q2.6 How is data privacy handled when accessing client tools?

Only authorized personnel are granted tool-specific access using secure credentials. Password managers enforce access policies and restrict credential visibility.

 

Section 3: Security Incident Management

Q3.1 What is our response to a cybersecurity incident?

We follow a documented process:

  • Detection
  • Containment
  • Eradication
  • Recovery
  • Root cause analysis and prevention

Q3.2 How do we ensure service continuity during crises?

Our Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) are designed to keep operations functional during incidents like cyberattacks, power outages, or system failures.

Q3.3 What are our incident response time commitments?

All response and resolution times are handled in accordance with Valenta’s Managed Services and IT Service Level Agreements (SLAs).

Q3.4 Who are the escalation contacts?

Contact the Valenta Security or Support Teams at:

Q3.5 Are incident reports or summaries shared with clients?

Yes, if the incident is relevant to a client’s environment, a post-incident report is prepared and shared, including mitigation steps taken.

Q3.6 What is the process for internal incident logging?

All incidents are logged via ServiceDesk Plus with incident category and severity levels. The ticket is escalated automatically based on SLAs.

Section 4: Network Protection

Q4.1 What protects our digital environment?

We use:

  • Firewalls
  • IDS/IPS systems
  • Endpoint protection
  • Secure VPN access
  • Role-based access and MFA
  • Security event monitoring (SIEM)

Q4.2 What’s the infrastructure setup for Intelligent Automation deployments?

Valenta deploys Digital Assistants (DAs) on client-dedicated virtual machines (VMs) hosted in Microsoft Azure. These VMs are isolated and configured with:

  • OS: Windows Server 2019 or later
  • Installed tools: UiPath Studio, Robot, and relevant software
  • Region-specific hosting to ensure compliance

Q4.3 How are network access and controls managed?

Through VPNs, IP whitelisting, MFA, and firewall rules. Digital Assistants (DAs) connect only with approved systems. All activity is logged.

Q4.4 What is the process for granting internal user access?

All access requests go through an internal approval workflow, require business justification, and are logged. Periodic access reviews are performed.

Q4.5 Are vendor integrations monitored?

Yes. All third-party and vendor systems connected to our environment are reviewed for compliance, and access is monitored.

Q4.6 Are personal laptops permitted for delivery work?

No. All work must be performed using Valenta-approved devices or client VMs, with enforced VPN and endpoint protection. BYOD is not permitted for production work.

Q4.7 How are orphaned or inactive accounts handled?

Periodic access reviews are conducted, and inactive accounts are disabled based on policy thresholds. Account deletions are handled post project closure.

 

Section 5: Infrastructure & Deployment

Q5.1: What is Valenta’s standard RPA infrastructure model?
Valenta provides dedicated, client-specific Virtual Machines (VMs) hosted on Microsoft Azure, ensuring isolated environments per client. These environments comply with local data residency laws and industry-standard security protocols.

Q5.2: Can clients choose where their VM is hosted?
Yes. While Valenta-hosted VMs are preferred for optimal control and security, we also support client-hosted VMs with appropriate security and access configurations (e.g., VPN, firewall, IP whitelisting).

Q5.3: What happens after a client signs off a project?
The IT team provisions a secure VM, installs required software (e.g., UiPath), coordinates password manager access, configures MFA, and supports the developer through end-to-end testing. Details are tracked via internal ticketing systems.

Q5.4: How does Valenta ensure secure access to client systems?
Through role-based access control (RBAC), MFA, secure VPN tunnels, password managers, and encrypted traffic. Access is granted on a need-to-know basis and is fully auditable.

Q5.5: How are automations secured?
Automations run in locked-down VMs, use credentials from Orchestrator assets or password vaults (e.g., 1Password), and never store client data long term. Their actions are monitored via UiPath Orchestrator, with logs and audit trails maintained.

Q5.6: What happens if a security incident occurs?
All incidents must be reported to IT Security via designated support channels. Incident response is handled as per the Managed Services and IT SLA with defined escalation paths and resolution workflows.

Q5.7: How does Valenta handle client credentials?
Credentials are stored in secure password managers—either provided by the client or by Valenta. No credentials are stored in plain text or shared directly with developers. The bot uses autofill access during runtime only.

Q5.8: Who manages password updates?
Clients update credentials in their own password manager. If Valenta is managing the password manager (e.g., 1Password), the client can update credentials through their guest account, maintaining full visibility and control.

Q5.9: What if a client restricts external system access?
We coordinate to whitelist Valenta’s VPN/static IPs and configure secure protocols. If restrictions persist, Sales/IT must realign the scope or recommend alternate deployment models.

Q5.10: What’s the preferred MFA method for RPA Automations and why?
Google Authenticator is preferred due to its automation support and enhanced security. Alternatives like email OTPs or virtual numbers are used based on feasibility.

Q5.11: What if a client insists on using their internal IT tools?
That’s acceptable—Valenta’s IT team will collaborate with the client’s IT to align on password management, access policies, and any compliance prerequisites. However, Valenta will clearly communicate any limitations related to the client’s setup, including potential delays in resolution where administrative access is required and dependencies on the client’s IT team and their SLAs in case of client-hosted environments.

Q5.12: How is physical access to VMs managed?
Physical access is not applicable. VMs are hosted on Azure and accessed remotely via secured protocols. Azure’s infrastructure meets top-tier compliance standards including ISO, SOC2, and HIPAA.

Q5.13: Can we provide documentation for client audits or vendor reviews?
Yes. We maintain updated documentation including:

  • IT Setup Guide
  • Infrastructure Diagram
  • UiPath Certifications
  • Data Privacy and Access Control Policies

Q5.14: What’s the process to onboard a new developer for an existing client?

  • Project Manager requests access for the developer
  • IT provisions access via secure channels and updates the ticket
  • Developer is granted read-only or autofill access via password manager
  • All access is removed post project or upon resource roll-off

Q5.15: How often are access reviews done?
Regular reviews are conducted in line with our internal security audit policy. Any anomalies or stale access are flagged and resolved as part of ongoing governance.

Q5.16: Can clients monitor or audit bot behavior?
Yes. UiPath Orchestrator provides detailed logs, execution histories, and access records. Clients can request reports.

Q5.17: What is UiPath Orchestrator used for?
It controls all bots: job execution, credential injection, logging, and monitoring.

Q5.18: Who has access to Orchestrator?
Only authorized team members.

Q5.19: Are Orchestrator logs audit-ready?
Yes. Logs show execution history, credential use, and exceptions—ideal for client reviews or audits.

 

Section 6: General & Supporting Questions

Q6.1. Do clients pay for 1Password setup?
No, it's provided free of cost if clients don’t have a password manager.

Q6.2. How are password updates handled?
Clients update them in their password manager; Valenta IT syncs access.

Q6.3. Can multiple DAs use one MFA code?
Not preferred. MFA should be DA-specific to avoid cross-access risks.

Q6.4. What if the client wants DAs to interact with third-party apps?
Access is scoped and controlled. Any new tools must go through security and feasibility review.

Q6.5. Where can I report a phishing or access issue?
To your internal security contact via HubSpot or itsupport@valenta.io.