Complying with security procedures is a priority here at CSS, especially when it comes to handling data correctly.
Data Security is paramount at CSS
Our platforms have been hosted with the market-leading provider Rackspace UK Limited for over 8 years, with zero customer downtime throughout that period. All of our solutions also include managed threat detection by Alert Logic.
CSS are committed to planning and preparing for extended service outages caused by factors beyond our control, and to restoring service to the widest extent possible in a minimum time frame.
The following general objectives are to ensure limited disruption in the event of an incident or crisis:
- There will be a logical recovery of the business
- Impacts will be kept within acceptable levels
- Business will continue as usual, as much as possible
Disaster recovery planning
We have a SQL Server Always On availability group set up between our main and DR site locations, so that we have real-time replication of data to an off-site location in case of disaster.
With our hosting provider Rackspace, all data is held within UK data centres in a private environment, and specific sensitive fields within the database are encrypted using AES 256-bit encryption. Pseudonymisation is also applied to all data, replacing fields with artificial identifiers wherever possible.
Vulnerability tests are carried out regularly at CSS to ensure data security, with independent tests taking place annually as part of our Cyber Essentials Plus testing. Annual penetration testing is also carried out by an independent CREST-approved auditor.
Always keeping security levels high
CSS ensures that all staff are fully trained in data security, and training continues on an annual basis throughout their employment. Employees are made contractually aware of their responsibilities, the security breach policies and the sanctions if they engage in inappropriate behaviour.
CSS act as data processors and put all necessary systems in place for contracts to manage their data, including but not limited to:
- New data
- Data imports
- Updating/amending data
Data retention is in line with GDPR guidelines; however, the Data Commissioner can request changes to this outside of the guidelines.