Data security

Our datacentre is located in the UK and operated by one of the most respected providers in the world. We leverage all of their capabilities, including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorised entry. Security controls include but are not limited to:

• 24/7 Physical security guard services
• Physical entry restrictions to the property and the facility
• Physical entry restrictions to our co-located datacentre within the facility
• Full CCTV coverage externally and internally for the facility
• Biometric readers with two-factor authentication
• Facilities are unmarked as to not draw attention from the outside
• Battery and generator backup
• Generator fuel carrier redundancy
• Secure loading zones for delivery of equipment

The infrastructure on which our application sits is secured through a "defence-in-depth" layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function utilising the principle of least privilege. All access to the ingress points are closely monitored, and are subject to stringent change control mechanisms.

Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. Any system that houses customer data is considered to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.

Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.

Systems controlling the management network of our application infrastructure are logged to a centralised logging environment to allow for performance and security monitoring. Logging includes system actions as well as the logins and commands issued by system administrators.

Monitoring and analytics programmes are used to identify potentially malicious activity within the hosting infrastructure. User and system behaviours are monitored for suspicious activity, and investigations are performed following incident reporting and response procedures.

Your data is backed up daily to keep it safe. All backups are then stored on an internal non-publicly visible network on NAS/SAN servers.

Technical support staff do not have access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where backup images reside. Only select engineering teams have direct access to the backend hypervisors based on their role.