Data security and SSLPost edocument delivery solutions

When deciding who provides your edocument delivery solution, one of the most important elements to consider is data security; how well your data is protected during processing, transfer and storage.

  • It is not enough that the provider uses an ISO accredited datacentre.
  • It is not enough that the provider “works” to ISO or PCIDSS standards.
  • It is not enough to password protect your documents and send using traditional email.

You need a reliable, robust and secure GDPR compliant solution provided by a high pedigree, ISO accredited specialist in data security.

Data Security & Privacy

When you choose an SSLPost solution, you are choosing to secure your data using enterprise-grade encryption. Whether the data is in transit between a business and an employee or at rest on the server, your data is locked up tight using one of the best encryption technologies available in the world today.

Achieving accredited certification to ISO/IEC 27001 demonstrates that we are following information security best practice. Externally audited, it is an independent, expert assessment of whether data is adequately protected.

This is delivered through an information security management system (ISMS). The ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

The General Data Protection Regulation (GDPR) will replace the Data Protection Act on May 25th 2018. Holding the ISO27001 accreditation does not automatically confirm compliance with this new regulation. However, there is some common ground. Notably, in the requirement to prove you are doing what you say you are doing or in other words, accountability.

As, primarily, Data Processors, we have an important role to perform in the management and security of our client’s user data. That is why we have chosen to implement these policies, procedures and processes in advance of the May deadline.

The UK Government have yet to introduce an external certification body. However, when they do, we will be ready.

Data security by design

Our datacentre is ISO/IEC 27001 accredited.  However, more importantly, so are we.  This means we both use data security best practices from development to delivery.

Every solution we offer follows a strict development process where data security takes first place.  Each element of the solution, whether it appears as a function to the user or is hidden behind the scenes, is carefully assessed for risk.  Only when we are satisfied we have implemented best-practice risk mitigation from the ground floor up, will the solution be delivered

Contact SSLPost today for your GDPR compliant solution.

Auditing and testing

External Audit Internal Audit Vulnerability and Penetration Testing
We take data security very seriously.  So seriously, that we invite an external auditor to inspect our security policies, procedures, and practices every year.  The auditor checks to ensure that what we say should happen, does happen.  Only when fully armed with proof of the daily application of policies and our ongoing commitment to data security, will the auditor issue an ISO/IEC 27001 compliance certificate. We internally audit every element of our ISMS and GDPR policies during the year on a monthly audit cycle to ensure that any improvement that can be made, is made. All our systems are subject to real time vulnerability and penetration testing to ensure that any new threats are addressed immediately.  This ongoing test routine underpins our commitment to the programme of continual improvement.