The systems owned and created by Ivstitia Limited are accredited to store and process OFFICIAL and OFFICIAL-Sensitive information in accordance with HMG requirements (the Security Policy Framework) and CESG guidance.

They have been assessed against the HMG Baseline Controls, which correspond to the good commercial practices described by ISO27001/2.

As part of the accreditation process, a Technical Risk Assessment has been produced by a CESG Listed Advisor Scheme (CLAS) consultant and an independent IT Security Health Check has been carried out.

Our IASME Consortium Certificate of Assurance shows that an assessment of the whole company has taken place and that we comply with the IASME Governance standards.

RightCue assessed and certified that the company as a whole had met the Cyber Essentials implementation profile published in February 2017 and thus that, at the time of testing, the organisation's ICT defences were assessed as satisfactory against commodity-based cyber attack.

We also follow the “14 Cloud Security Principles” as outlined by the UK Government. They are as follows:

  • Data in transit protection
  • Asset protection and resilience
  • Separation between users
  • Governance framework
  • Operational security
  • Personnel security
  • Secure development
  • Supply chain security
  • Secure user management
  • Identity and authentication
  • External interface protection
  • Secure service administration
  • Audit information for users
  • Secure use of the service

Datacenter:

  • Certified and Police Audited.
  • Comprehensive CCTV coverage with footage retained for 90 days
  • Biometric and/or RFID badge controlled access to data halls
  • Physical access limited to specific necessary personnel
  • FM-200 fire suppression
  • At least N+1 UPS, generators and HVAC
  • Stand-off fenced perimeters in place
  • Continuous Building Management System monitoring
  • Incident management and change control procedures in place
  • DevOps security model allowing rapid mitigation of security issues
  • Active involvement in the security community
  • Strict media sanitisation and destruction procedures
  • ISO 9001 and 14001 certified
  • ISO 27001:2013 certified hosting services and data centres

Application Security:

  • Penetration tested against the OWASP top 10
  • Dedicated Cisco ASA 5560 X Security Plus with FirePOWER Hardware Firewall.
  • Secure Multi Factor Authentication
  • User Profile Intrusion Detection System
  • Encrypted data access on account, agency and user levels
  • Advanced Application Firewall and Port Forwarding
  • Encrypted Session Data stored server side.
  • Fully auditable access logs

Backups:

  • Encrypted backups stored offsite in a UK datacenter
  • Backups held for 30 days