
Information Security and Assurance

As a company we take a very proactive stance towards the security of your data and have taken the lead on a number of initiatives to ensure we follow best practices.

ISO27001

We are presently working towards ISO27001 compliance, the international standard for an effective Information Management system which includes security of information and network systems. With the exception of our business continuity plan (which itself is close to completion) we have finished all our documentation for ISO27001 compliance.

Information Security

We also have a contract in place for ISO27001 experts IT Governance to oversee our information security practices. IT Governance are industry experts in the field of information security and have a long history of working with Information Security.

The Directors of IT Governance were responsible for the first company (BLLCP) to achieve BS 7799 registration (the precursor to ISO27001) when the standard was first promulgated in 1996. Our project lead is presently the chair of the UK ISO/IEC27001 Users Group (the UK chapter of the international ISMS User Group) and also on the management committee of the British Standards Society. Finally, and perhaps most telling, IT Governance was responsible for the development of both the accredited certification scheme and related training standards.

OWASP Compliance

We are also one of the first UK companies to adopt the OWASP ASVS (Application Security Verification Standard) as part of our development life cycle and are an active member of ASVS project discussions.

OWASP ASVS defines a standard for software development that ensures application security is considered at every step in the development of software.

ASVS_One_Page_Handout.pdf

Further details on OWASP can be found on the project homepage at:

OWASP ASVS Official Pages.pdf

Security Testing

For the benefit of all our clients we have taken on board the responsibility of future security tests. Annual security tests are performed by two independent security companies at six-monthly intervals. Both companies are leading industry experts in this field. Security testing of both the hardware infrastructure and software application is undertaken.

The contract for our web hosting includes a specific agreement covering resolution of issues identified through security testing. This means that issues will be resolved through collaboration with the security company.

A further development also sees us entering into an agreement to join a certification programme of continuous monitoring.

As these security tests are instigated by Quince Associates Limited, we allow the results to be circulated between interested parties where non-disclosure agreements are in place. This means you will no longer need to worry about (or pay for) your own independent testing, although you are of course free to do this if your organisation so wishes. The security testing that is taking place is very in-depth and to a level that exceeds the testing previously carried out independently by any SeeMyData client.

The Most Secure Web Site Hosting Available

In conclusion, having sought expert advice from multiple organisations, we believe that the hosting arrangements for SeeMyData provide the most secure web hosting environment available at this time.