For any company entrusted with confidential data, the security and confidentiality of that data are of the highest importance.
Our Server Architecture:
We have a multi-tier architecture between our front end, data processing and data storage servers. Every client is assigned a unique encryption key, and selected personally identifiable information (PII) is stored encrypted. These sit behind multiple load balancers, intrusion detection and network monitoring layers. These are constantly monitored by a dedicated threat control centre and by our security staff.
Our Data Processing Desktops:
These machines run on a flavour of Linux with full disk encryption and additional home drive encryption. All client data requiring our manual assistance is processed only on these machines and is protected in transit with cryptographic network protocols. No internet browsing or email is available on these machines, to reduce the risk of infection on any machine linked with client data.
Our Office Desktops:
Our Windows office desktops are protected with local Check Point firewalls, AVG antivirus and Microsoft Windows Defender SmartScreen technologies. These sit behind dedicated physical network technologies to ensure multiple layers of network security.
Every desktop has full disk encryption.
Data in Transit:
Our website uses SSL technologies and the latest protocols to give a security rating of grade ‘A’. This is regularly reviewed to ensure that, as security information and advice change, we adapt to maintain this standard.
ISO/IEC 27001 Compliant
Our data centres are certified to the international standard for information security, ISO 27001. This certification also includes our internal International Global Security Services and Information Technology Infrastructure Services functions.
This standard provides a framework for managing a business’s security responsibilities and provides external assurance for customers as to the scope and scale of our secure environment via our Business Security Management System.
Since 2009 the system has provided the foundation for an integrated and sustainable security model working in tandem with our other security controls such as PCI-DSS. It is subject to ongoing external assessment by our certification body, BSI, with a full re-assessment every three years.
ISO 9001 BSI Quality Management
Our UK data centre management, delivery and support functions are certified to this internationally recognised standard.
ISAE 3402 Type II Service Organization Control – SOC Reporting
Our hosting partner has obtained a globally recognised standard for reporting on service organisation controls to demonstrate that selected processes, procedures and controls have been formally evaluated and tested by an independent accounting and auditing company (service auditor) for our dedicated hosting customers, cloud servers & cloud files customers and all our data centres. The examination includes controls relating to security monitoring, change management, service delivery, support services, back-up, environmental controls, logical and physical access, providing a detailed description of our controls and the effectiveness of those controls.
Our partner has completed an examination in conformity with the International Standard for Assurance Engagements (ISAE) No 3402 Type II Service Organization Control (SOC1 and SOC2) for the period between 1st October 2014 and 30th September 2015. This is repeated on an annual basis for each reporting period.