Our Data Processor uses a hosting services provider for Live Products and Services that is a Tier 1 ISO who provides industry-leading security and has a long list of internationally recognised certifications and accreditation’s including: ISO 27001 for information security, ISO 9001 for quality management systems, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI Level 1, The Crown Commercial Service (CCS) and multiple Microsoft accreditation’s plus many others.
All customer data is backed up at regular intervals and stored in two alternative locations within the EU at all times, as per AWS recommended guidelines. Finally, security and performance tests are carried out at regular intervals to ensure the smooth running of the service.
Along with a username and password, all customer databases can be secured with additional layers of security including Access Control and use of the in-built Permissions System. All customer data can be exported at any time from within the system by an authorised user. Finally, there is a system log which provides an overview of activity on the database for auditing records and security purposes.
In the unlikely event of a data breach, the Data Processor has strict procedures in place to report this to Nordic Staff Ltd, and the ICO within 72 hours of discovery.