The following information is here to reassure you that we take your data security very seriously. Should you need any further information or explanations, please do get in contact and we will be pleased to help.
How the Data is Accessed
Secured Access via SSL
We use the HTTPS (SSL) protocol for our systems so that users work over a secure communication link between their devices and the server. The data transferred is encrypted and cannot be read by anyone except the current user of the device.
Advanced password encryption
Our user authentication uses the latest techniques for keeping your passwords secure, and allows us to easily review and upgrade the hashing algorithms used.
Currently, we use a robust Blowfish-based hashing method which, along with a unique salt, offers an extremely secure method for storing passwords.
When users sign in, they are also required to key in 2 digits randomly chosen from their 4-digit PIN. They are reminded to change their PIN every 12 weeks.
We use Apache's .htaccess files, which allow us to set another level of security restrictions for accessing a directory or a file.
All database queries go through a sanitisation process beforehand to prevent any SQL injection into the database.
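As an added illustration (not this company's own code), the sketch below shows one way a PHP application can store passwords with the Blowfish-based bcrypt scheme and a unique salt, and upgrade stored hashes at sign-in when the hashing policy changes. The in-memory `$users` array, the function names `register` and `signIn`, and the cost values are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Assumed current policy for this example: bcrypt (Blowfish-based), cost 12.
const HASH_ALGO = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12];

// Constructed in-memory stand-in for a users table (name => stored hash).
$users = [];

function register(array &$users, string $name, string $password, array $options = HASH_OPTIONS): void
{
    // password_hash() generates a fresh random salt for every call and
    // embeds the algorithm, cost and salt in the returned string.
    $users[$name] = password_hash($password, HASH_ALGO, $options);
}

function signIn(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];
    // password_verify() re-derives the hash from the embedded salt and cost
    // and compares the result in constant time.
    if (!password_verify($password, $stored)) {
        return false;
    }
    // The plaintext is only available at sign-in, so this is the point at
    // which a hash made under an older policy can be replaced.
    if (password_needs_rehash($stored, HASH_ALGO, HASH_OPTIONS)) {
        $users[$name] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    }
    return true;
}

// Constructed demo: an account created under an older, weaker cost of 10.
register($users, 'alice', 'correct horse battery staple', ['cost' => 10]);
$old = $users['alice'];

var_dump(signIn($users, 'alice', 'wrong password'));
var_dump(signIn($users, 'alice', 'correct horse battery staple'));

// Cost recorded in the stored hash before and after the successful sign-in.
var_dump(password_get_info($old)['options']['cost']);
var_dump(password_get_info($users['alice'])['options']['cost']);
```

Because the algorithm and cost travel inside each stored hash, raising the policy only requires changing the two constants; existing accounts are upgraded as their owners next sign in.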
How the System is Updated & Maintained
Who has access?
The only people who have access to the hosting servers and databases are the server administration staff and trusted employees. Passwords are never shared with anyone outside of the company, i.e. no third-party contractors.
All our developers are party to a non-disclosure agreement ensuring all customer data and our source code will stay confidential.
Source code built by us
All source code used in our systems has been built or vetted in-house. We do not work with 3rd party contractors or developers to build our systems.
All our employees are based in the UK.
All of our files/folders have relevant permissions set to prevent unauthorised access and changes to the system.
Secured File Transfers
Any data or file transfers to the server are carried out under the SSL protocol to stop any unwanted sniffing of files. This uses an encryption layer as the files are transferred.
Additional security measures may be suggested by us for certain scenarios, based upon business requirements and sensitivity of data to be stored.
As our systems are bespoke, we are open to discussion about any further security measures or requirements that are deemed necessary.
About Our Web Hosting Servers
We have 24/7 remote access and full control of the hosting platform, installation software and security patches. The data centre, which is based in the UK, offers a premium environment for business critical servers and data with fully secure power supply, cooling, security and network resilience systems including:
- Uninterruptible Power Supplies
- Diesel Generators for back-up power
- Air Conditioning
- VESDA smoke detection and fire suppression
The operating system we use is server grade Linux running the latest stable versions of appropriate server software.
A high-availability cluster of 2 web servers running the Apache web server and PHP scripting provides the data interface to the industry standard MySQL database.
One server provides the master database which is replicated in real time to a slave database. The slave can take the role of master in case of failure.
All servers are remotely accessible for ease of system upgrades, maintenance and backups.
System security is achieved through the use of password controlled database and server access.
Database back-ups are made every hour from the slave database, so that the operation of the master is uninterrupted and a full & complete snapshot can be taken. The back-ups are rotated every 24 hours and a monthly copy is also saved. A daily snapshot is automatically moved off site as a further precaution.