Application security features

  • Invitation only access

    Membership is by invitation only and all distributed invitations expire.

  • Password policy

    Can be defined by the client, including length, expiry and characters.

  • Password Storage

    A one-way encryption algorithm is used and passwords are stored as a salted hash.

  • Access control

    All access and every action in the system is logged. There is brute force attack prevention.

  • User tracking

    Any data gathering is under the control of the user and happens with their express consent.

  • Session cookies

    The system uses secure session domain cookies containing a session ID only; no user-identifiable information is stored in that cookie.

Operational security features

  • Client data is hosted in an ISO 27001 certified data centre - currently Rackspace UK in Hayes, London
  • The data centre facilities are protected with a redundant pair of dedicated firewalls, building a DMZ to separate Web-accessible Servers from the Database Servers.
  • Access to our SaaS is encrypted and authenticated by an SSL 3.0 128-bit certificate. HTTPS is enforced and any HTTP query is redirected to HTTPS before processing.
  • All passwords are stored encrypted. The entire database can be encrypted on demand using AES 128, 196, 256 or Triple DES encryption.
  • Security testing - We have regular penetration tests on our hosted infrastructure
  • Restore/Backup Policy - Daily incremental backups are made on-site. Full backup is made every Friday at 01.00 hours. Bi-weekly full backups of client’s data are taken offsite. Backups are encrypted using AES encryption.

