Our offices are monitored by CCTV and have 24-hour security present. They are equipped with alarm systems and armed response. Servers, where used, are within secured areas with access control restricted to named users.
Any company-owned mobile equipment (laptops and external storage media) is encrypted using a minimum of AES encryption with 128-bit keys.
We have strict internal Bring-Your-Own-Device policies, and devices owned by staff members are segregated when connecting to our networks. Company information systems (such as e-mail and document management) are secured by mandatory multi-factor authentication.
End-to-end security systems are in place on each computer and on the network, including Anti-virus, Intrusion Detection, and Malware protection.
Data at rest in the form of regular backups is encrypted at backup time prior to being transferred to longer-term storage. Backups are encrypted using GPG encryption.
In-transit encryption is achieved by Transport Layer Security (TLS), both within the hosting environment and to the end user.
Authentication and Passwords
Our systems validate password complexity to ensure that the passwords in use are not easily guessable, and we enforce minimum password complexity across all of our products.
In order to continually assess our security position, we perform regular tests against our environment, in line with OWASP Top Ten and other industry standards and benchmarks. Independent vulnerability assessments are performed periodically on our offerings. More information regarding our testing is available on request.
Logical access to our servers for maintenance is strictly controlled internally and is limited to named, authenticated users. Any access is saved to audit logs, and privileged accounts are more strictly controlled than regular accounts.
Solutions hosted within our online platform are logically separated, reducing the risk of cross-site scripting and privilege escalation between accounts and tenants.
From an application point of view, customers are given full rights to manage their own access control within the system. As such, it is the responsibility of the customer to ensure that their access control to the system is managed according to good practice.
Our data centres and hosting locations are outsourced to industry leaders, who maintain strict control and security of the environments. Security controls include physical access control, logical access control, and Intrusion Prevention systems.
Our servers are all configured to stringent baseline configuration standards. If we provision a new service, you can rest assured that it has security pre-applied to it and does not rely on insecure defaults in configuration.
Our physical offices are secured by alarm systems, 24/7 access control and CCTV systems. While we do not host your services at our administrative offices, we maintain strict control over who has access to our internal systems. All systems are access controlled for designated team members and are inaccessible to non-employees. Centralised storage is located within our secured cloud or within a secure server room with strict named access control.
Our hosted services are protected by various Web Application Firewalls (WAF) and other preventative measures.