We take the security of all personal data very seriously, and that data is protected in a number of ways:
- Access control: access to personal data is strictly limited in line with our policy detailed in the ‘who we share data with section’ on this page. Access is controlled by individual user accounts, where a strong password policy is enforced
- Dedicated security software: We operate dedicated security scanning and access control software on all of our websites. This software is responsible for limiting login attempts to our site, blocking potentially malicious attempts to access our services, and regularly performing full file system scans.
- Data encryption: where data is stored in a cloud facility (such as the storage of website backup files), that data is encrypted both ‘in transit’ and ‘at rest’ – meaning that all data is securely obscured both during the process of transfer to the cloud provider, and then additionally when it is in storage at its final location.This website is also secured with SSL encryption, which means that all traffic to and from our servers is encrypted. This applies to our own administrative access to the website as well as that of users of our services.Additionally, we ensure that our own dedicated secure Virtual Private Network (VPN) is used when we access the site from anywhere on a public wifi network.
- Selection of third party service providers: we use a very limited number of third party service providers, but some are essential for the provision of physical hosting environments and cloud services. One of the core factors in the selection of such providers is their ability to provide secure systems and processes. We have written Data Processing Agreements with each of our core service providers that sets out the requirements for data security.
- ICO registration: We are registered with the Information Commissioner’s Office, the UK’s data regulator, ensuring that our data privacy record and reputation is available in the public domain.