Data security and privacy
Handling hundreds of thousands of pieces of personal data 24/7/365 requires a privacy and security-driven approach.
When deciding who provides your edocument delivery solution, one of the most important elements to consider is the security of the infrastructure and processes involved; how well your data is protected during processing, transfer and storage. As a Data Controller or Primary Data Processor, you need a reliable, robust and secure, GDPR compliant* solution provided by a high pedigree, ISO accredited specialist in data security.
Data security by design
Our datacentre is ISO/IEC 27001 accredited. However, more importantly, so are we. This means we both use data security best practices from development to delivery.
Every solution we offer follows a strict development process where data security and privacy take first place. Each element of the solution, whether it appears as a function to the user or is hidden behind the scenes, is carefully assessed for risk. Only when we are satisfied we have implemented best-practice risk mitigation from the ground floor up, will the solution be delivered. View our security certifications.
Contact SSLPost today and let us help your drive for GDPR compliance.
When you choose an SSLPost solution, you are choosing to secure your data using enterprise-grade encryption. Whether the data is in transit between a business and an employee or at rest on the server, your data is locked up tight using one of the best encryption technologies available in the world today.
Achieving accredited certification to ISO/IEC 27001 demonstrates that we are following information security best practice. Externally audited, it is an independent, expert assessment of whether data is adequately protected by both the technology we use and the business processes we employ.
This is delivered through an Information Security Management System (ISMS). The ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.
Our solutions may be used as part of your organisation’s overall approach to data privacy, security and the requirements of GDPR. Data is encrypted at rest on the server and in transit. Secure to International Standards, if used in accordance with the User Guides and any instruction given during training, the solution delivers compliance with the GDPR requirement to use “appropriate technical measures” to protect personal data for the selected application.
GDPR and data protection regulations extend to users as well as the software they use and this must be taken into account when assessing risk for this or any other process, within your organisation.
Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks. Cyber Essentials focuses on the five essential elements for cyber security; secure configuration, boundary firewalls, access controls, patch management and malware protection. We are delighted to hold the Cyber Essentials Certificate.
Internal and external audits
Once a year, we are externally audited by independent third parties to ensure we retain a high quality of security management required by ISO/IEC 27001 and Cyber Essentials.
Each month, we internally audit elements of our ISMS and GDPR policies, procedures and processes to a pre-defined audit cycle to ensure that standards are being met and any improvements that can be made, are made.
Penetration and vulnerability testing
Annual penetration tests are a little like a car MOT. They only provide a snapshot of the status at a given point in time. Although we are subject to independent penetration testing by our clients, we take this testing one step further. All our systems are subject to continuous vulnerability and penetration testing to ensure that any new threats and addressed immediately. This ongoing test routine underpins our commitment to our program of continual improvement.
Electronic delivery of payslips, P60s, P11Ds & HR communications to a secure, personalised, self-service employee portal.
Secure, encrypted email solutions that are easy to use for sensitive or confidential content.
Secure document portal for the safe delivery and storage of confidential documents such as contracts, statements & reports.