📘 Vigilo — Help & User Guide
📘 What is Vigilo?

A digital safety management platform covering all aspects of workplace safety — replacing spreadsheets and manual follow-ups with a single system.

📋 Safety Observations — report, assign & verify
🔐 Permit to Work — digital approvals & LOTO
⚠️ HIRA — ISO 45001 5×5 risk register
🚨 Incidents — RCA workflow, LTIFR/TRIFR
🔍 Inspections — mobile checklists & auto-score
⚖️ Legal Compliance — traffic-light register
✅ Corrective Actions — cross-module CA hub
🎓 Training & Skills — plans, sessions & passport
🏆 Appraisals — goal setting & performance review
🌿 ESG & BRSR — SEBI BRSR, GRI & TCFD reporting

🔍 Safety Observations — Workflow
  1. Observe — Any user records a hazard with description, severity & photo.
  2. Assign — Safety Manager assigns an Action Owner and sets a target date.
  3. Rectify — Action Owner fixes the hazard, uploads a "after" photo and submits.
  4. Verify — Safety Manager reviews the fix: Approve (closes it) or Reject (sends back for re-work).
  5. Archive — Closed observations move to the archive for record-keeping.

Severity levels: High · Medium · Low


🪪 Permit to Work (PTW) — Workflow

A Permit to Work is a formal written document that authorises high-risk work. No work should begin until an approved permit is in hand.

  1. Draft — Requestor creates the permit: work type, location, dates, hazard assessment, risk controls, PPE, isolation requirements and emergency procedure.
  2. Submit — Requestor submits the permit to the Safety Manager for review.
  3. Approve / Reject — Safety Manager (or Manager) reviews the permit.
    • Approve — Work is authorised. Approved By and timestamp are recorded.
    • Reject — Permit is rejected with comments. Requestor must revise and resubmit.
  4. Activate — Once on-site and ready to start, the Requestor activates the permit. Toolbox talk confirmation and worker count are recorded.
  5. Close — When work is complete, the permit is closed. Site restoration and final sign-off details are captured.

A permit can also be Cancelled by the Requestor (or Manager) at Draft or Submitted stage if the work is no longer required.

Draft → Submitted → Approved → Active → Closed

Work Types requiring a Permit:

🔥 Hot Work 🚪 Confined Space ⚡ Electrical ⛏ Excavation 🏗 Lifting & Rigging 🪜 Work at Height ⚠ Breaking Containment 📋 General High-Risk

👥 Roles & Responsibilities
Role Observations Permits to Work
Observer Reports observations Creates & submits permits
Action Owner Submits rectifications Creates & submits permits
Safety Manager Assigns, verifies & closes Approves, rejects & closes permits
Manager Full access Full access, invites users, manages billing
Vigilo
All Modules — 11 tools, one platform
📋
Safety Observations
Report, assign & verify hazard closures
🔐
Permit to Work
Digital permits with safety manager approval gate
⚠️
HIRA
ISO 45001 risk register, 5×5 matrix scoring
🚨
Incidents
RCA workflow, LTIFR/TRIFR auto-calculation
🔍
Inspections & Audits
Mobile checklists, auto-score & PDF reports
⚖️
Legal Compliance
Traffic-light tracking, evidence & alerts
✅
Corrective Actions
Cross-module CA hub, daily overdue alerts
🎓
Training & Skills
Online assessments, skill matrix & certificates
🔒
Lockout / Tagout
Isolation points, personal locks, group lockout & audits
👁️
Behaviour Based Safety
DuPont STOP observations, BBS score trend & at-risk review queue
🌿
ESG & BRSR Reporting
SEBI BRSR auto-assembled from live data — GRI & TCFD included
All modules included in every plan Start free →
Pricing Help
Sign in Request a demo Get started
Effective: 1 June 2026 · Version 1.0

Data Security Policy

How Vigilo protects customer data — technically and operationally.

This Data Security Policy describes the technical and organisational measures that Safety Desk ("we", "us", "our"), operator of Vigilo (www.safety-desk.com), implements to protect customer data processed through the Vigilo platform. This document is intended for customers, procurement teams, and data protection officers conducting security due diligence.

1. Infrastructure & Hosting

Vigilo is hosted entirely on Amazon Web Services (AWS), one of the world's leading cloud infrastructure providers. AWS holds the following certifications independently of Vigilo:

  • ISO/IEC 27001:2013 — Information Security Management
  • SOC 2 Type II — Security, Availability, and Confidentiality
  • PCI DSS Level 1 — Payment Card Industry Data Security Standard
  • CSA STAR — Cloud Security Alliance

Data centre region: ap-south-1 (Mumbai, India).
All customer data — including the database, file storage, and application servers — is stored and processed exclusively within India. No data is transferred outside India without explicit customer consent.

2. Encryption

LayerMethodStatus
Data in transit (browser ↔ server) TLS 1.2+ via AWS CloudFront CDN Enabled
Database at rest (RDS PostgreSQL) AES-256 via AWS RDS encryption Enabled
File storage at rest (S3) AES-256 via AWS S3 SSE Enabled
User passwords PBKDF2-SHA256 with salt (Django default) Enabled
Worker PINs PBKDF2 with salt via Django hashers Enabled

3. Access Control

Role-based permissions

Every user in Vigilo is assigned one of five roles that strictly controls what they can see and do:

  • Manager — full access to their organisation's data; cannot access other organisations
  • Safety Manager — operational access across all safety modules
  • Action Owner — access to observations and corrective actions assigned to them
  • Observer — can submit observations and complete training
  • Contractor — limited access with configurable expiry date

Organisation isolation

All database queries are scoped by organisation. It is technically impossible for a user in Organisation A to access any data belonging to Organisation B. This isolation is enforced at the application layer on every request.

Invite-only onboarding

There is no open public registration for employee accounts. All users must be invited by a Manager within the organisation. Invitations expire after 7 days.

Cross-organisation protection

An email address can be registered with only one organisation. If an invitation is sent to an email already registered with a different organisation, the invitation is blocked and no account transfer occurs.

4. Application Security

ControlImplementation
CSRF protection Django CsrfViewMiddleware — enforced on all POST requests
XSS prevention Django template auto-escaping on all user-supplied content
SQL injection prevention Django ORM with parameterised queries — raw SQL is not used
Clickjacking protection X-Frame-Options: DENY header via Django middleware
HTTPS enforcement HTTP requests redirected to HTTPS via CloudFront
Session security Secure, HttpOnly session cookies; session invalidated on logout
Secrets management All credentials stored as environment variables — never in source code
File upload validation File type and size validated on upload; stored in private S3 bucket

5. Backup & Recovery

  • Database backups: Automated daily backups via AWS RDS with 30-day retention
  • Point-in-time recovery: Available within the 30-day retention window
  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 24 hours
  • File storage: AWS S3 provides 99.999999999% (11 nines) durability

6. Availability

We target 99.9% monthly uptime. The platform is monitored continuously. Scheduled maintenance windows are communicated to customers at least 24 hours in advance and are scheduled outside business hours (IST).

7. Data Residency

All customer data is stored and processed within AWS ap-south-1 (Mumbai, India). This includes the PostgreSQL database, all uploaded media and documents, and application logs. Transactional emails are delivered via Brevo (EU-based); email content is transmitted to Brevo solely for the purpose of delivery and is not retained by them beyond delivery.

8. Sub-processors

Sub-processorPurposeData location
Amazon Web Services Application hosting, database (RDS), file storage (S3) India — ap-south-1 (Mumbai)
Brevo (Sendinblue) Transactional email delivery (alerts, invitations) European Union
Razorpay Payment processing (subscription billing) India
GoDaddy Domain name registration only USA (domain metadata only — no customer data)

Each sub-processor is contractually bound to process data only as instructed and to maintain appropriate security standards.

9. Incident Response

In the event of a confirmed security incident or data breach:

  • Affected customers will be notified within 72 hours of our becoming aware of the incident
  • Notification will include: nature of the incident, data categories affected, approximate number of records, and actions taken
  • A full written incident report will be provided within 14 days
  • We will cooperate fully with any regulatory notifications required under applicable law

10. Data Retention & Deletion

  • Customer data is retained for the duration of the active subscription
  • On subscription termination, data is retained for 30 days for recovery purposes, then permanently deleted from all systems
  • Customers may request immediate deletion by written notice to our support address
  • Customers may export all their data at any time in CSV or PDF format from within the platform

11. Personnel & Internal Access

  • Access to customer data for operational or support purposes is restricted to authorised personnel only
  • Production environment credentials are not shared and are rotated periodically
  • Application source code is maintained in a private repository

12. Compliance

Vigilo operates in accordance with the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India. For customers subject to GDPR, we are prepared to enter into a Data Processing Agreement — see our DPA.

13. Security Questions & Vulnerability Reporting

Contact our Security Team

For security enquiries, to request a signed copy of this policy, or to report a vulnerability responsibly:
Email: contact@safety-desk.com
Subject line: Security — [your company name]

We aim to acknowledge all security reports within 1 business day.

Delete this record?

This action cannot be undone.