As our platform stores our customers’ essential business data, we think it is important for us to explain the measures we take to ensure that this data is safe and secure.
We like to be open and transparent about the technology and procedures we use to protect our customers’ data.
Our web server platform is the CentOS 6 Linux operating system. The software application is written in Perl 5.14 with additional CPAN modules and the database is MySQL 5.0.95. Content is delivered as HTML to a standard web browser, with support for Microsoft Explorer, Mozilla Firefox, Google Chrome and other WK engine browsers.
All data communication between servers and the local browser is encrypted using the Secure Sockets Layer (SSL) protocol, which prevents data from being viewed or altered in transit. This industry-standard approach is the same system used by banks and online payment systems.
Our servers are located in a highly secure, purpose-built facility in which direct access to the hardware is closely controlled. Entry to the facility is permitted strictly for authorised individuals, with identity checks confirmed against a photo record (e.g. passport). Within the facility, card-activated doors restrict each individual to the racks housing the servers they are authorised to access.
The data centre is equipped with VESDA (Very Early Smoke Detection Apparatus), which will deploy halon gas, which does not adversely affect the electrical equipment.
The power supply to each room, rack and server is also protected. The first level of protection is provided by Uninterruptible Power Supplies, backed up by building-wide generators capable of maintaining all the servers housed there. The systems use “N+1”, meaning that for every item of critical power equipment (N), there is at least one backup system for it (+1).
The servers all have an extremely high capacity Internet connection which is linked to the data centre’s ‘backbone’, which comprises multiple 10Gb connections. This is then linked to other data centres and telecommunication companies for UK and global connectivity. A system known as Border Gateway Protocol (BGP) is used to maintain the connection if any of the fibre connections or any route to or from a data centre should fail, so downtime is kept to a minimum, virtually zero.
The integrity of our servers is maintained by means of firewalls, antivirus software, restrictions on the activities of logged-in users and a strict programme of Operating System updates.
The first level of protection comes from our policy that every server uses RAID drives (Redundant Array of Independent Disks), which means that data is replicated across multiple disks to prevent any data loss if drives fail. Secondly, all critical data and user settings are backed up twice a day and copied to a different server in a different room of the data centre. Thirdly, the data is copied completely offsite to an independent secure data vaulting service to allow a fast rebuild of the data structure in the extremely unlikely event of a building-wide issue such as terrorism or flooding. All of these services are completely automated and use the network to copy the data, so they do not rely on people other than for monitoring.