Data security and SSLPost edocument delivery solutions

When deciding who provides your edocument delivery solution, one of the most important elements to consider is data security; how well your data is protected during processing, transfer and storage.

  • It is not enough that the provider uses an ISO accredited datacentre if the staff do not work to the same standards.
  • It is not enough that the provider “works” to ISO or PCIDSS standards; they are not inspected annually, by an independent external auditor.
  • It is not enough to password protect your documents and send using traditional email, these are easily hacked.

You need a reliable, robust and secure, GDPR compliant* solution provided by a high pedigree, ISO accredited specialist in data security.

Data Security & Privacy

When you choose an SSLPost solution, you are choosing to secure your data using enterprise-grade encryption. Whether the data is in transit between a business and an employee or at rest on the server, your data is locked up tight using one of the best encryption technologies available in the world today.

Achieving accredited certification to ISO/IEC 27001 demonstrates that we are following information security best practice. Externally audited, it is an independent, expert assessment of whether data is adequately protected.

This is delivered through an information security management system (ISMS). The ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

The General Data Protection Regulation (GDPR) will replace the Data Protection Act on May 25th 2018. Holding the ISO27001 accreditation does not automatically confirm compliance with this new regulation. However, there is some common ground. Notably, in the requirement to prove you are doing what you say you are doing or in other words, accountability.

As, primarily, Data Processors, we have an important role to perform in the management and security of our client’s user data. That is why we chose to implement these policies, procedures and processes in advance of the May 2018 deadline.

Our solutions may be used as part of your organisation’s overall approach to data privacy, security and the requirements of GDPR. Data is encrypted at rest on the server and in transit. Secure to International Standards, if used in accordance with the User Guides and any instruction given during training, the solution delivers compliance with the GDPR requirement to use “appropriate technical measures” to protect personal data for the selected application. GDPR and data protection regulations extend to users as well as the software they use and this must be taken into account when assessing risk for this or any other process, within your organisation.

The UK Government have yet to introduce an external certification body. However, when they do, we will be ready.

Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks.  Cyber Essentials focuses on the five essential elements for cyber security; secure configuration, boundary firewalls, access controls, patch management and malware protection.  We are delighted to hold the Cyber Essentials Certificate.Cyber Essentials Logo

Need to know more?  Call SSLPost today

Data security by design

Our datacentre is ISO/IEC 27001 accredited.  However, more importantly, so are we.  This means we both use data security best practices from development to delivery.

Every solution we offer follows a strict development process where data security and privacy take first place.  Each element of the solution, whether it appears as a function to the user or is hidden behind the scenes, is carefully assessed for risk.  Only when we are satisfied we have implemented best-practice risk mitigation from the ground floor up, will the solution be delivered.  You can view our security certifications here.

Contact SSLPost today and let us help your drive for GDPR compliance.

Auditing and testing

External Audits Internal Audit Vulnerability and Penetration Testing
We take data security very seriously.  So seriously, that we invite an external auditor to inspect our security policies, procedures, and practices every year.  The auditor checks to ensure that what we say should happen, does happen.  Only when fully armed with proof of the daily application of policies and our ongoing commitment to data security, will the auditor issue an ISO/IEC 27001 compliance certificate.

SSLPost are also Cyber Essentials certified.  Cyber Essentials focuses on the five essential control elements for cyber security; secure configuration, boundary firewalls, access controls, patch management and malware protection.

We internally audit every element of our ISMS and GDPR policies during the year on a monthly audit cycle to ensure that any improvement that can be made, is made.


All our systems are subject to real time vulnerability and penetration testing to ensure that any new threats are addressed immediately.  This ongoing test routine underpins our commitment to the programme of continual improvement.