Security, Privacy, and Control
Our objective is to preserve the confidentiality, integrity and availability of all information that we are entrusted with. To help achieve this, we have implemented an Information Security Management System (ISMS) in accordance with the international standard ISO/IEC 27001:2022.
We currently hold active ISO/IEC 27001:2022 externally audited accreditation from the BSI (British Standards Institute). We adhere to all GDPR responsibilities and have a ‘privacy-first’ approach to software development. The number of policies and processes covered by our compliance program is vast and includes the following key areas:
- Information security policies
- Organisation of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development, and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
Link to our ISO/IEC 27001:2022 certificate: https://www.bsigroup.com/en-IE/products-and-services/assessment-and-certification/validation-and-verification/client-directory-profile/ARK_WO-0047594789-000
Information Security Policy
- Information is made available with minimal disruption to staff and customers as required by the business processes.
- The integrity of this information is maintained.
- Confidentiality of this information is preserved.
- Regulatory, legislative, and other applicable requirements related to information security are met.
- Appropriate information security objectives are defined and, where practicable, measured.
- Appropriate Business Continuity arrangements are in place to counteract interruptions to business activities, and these take into account information security.
- Appropriate information security education, awareness and training are available to staff and relevant others working on behalf of the company.
- Breaches of information security, actual or suspected, are reported and investigated through appropriate processes.
- Appropriate access control is maintained, and information is protected against unauthorised access.
- Continual improvement of the information security management system is made as and when appropriate.
- Our Privacy Policy Statement shall be made available to data subjects as required.
We achieve our Information Security Policy via various processes and policies contained within our ISO/IEC 27001:2022 ISMS program.
It is the responsibility of our executive team and senior management to ensure top-down implementation of this policy.
This policy is approved and reviewed at regular intervals, or upon significant change.
We have an internal governance team that takes ownership of our information security program and is responsible for our ISO, Data Protection and GDPR statuses. They work with the respective heads of relevant departments to ensure we adhere to all audits and requirements for our accreditations.
Data Integrity
- All customer data is stored in UK region data centres
- All data is encrypted at rest and in transit
Disaster Recovery
While we don’t share the full details of our disaster recovery and business continuity arrangements publicly for security reasons, we can confirm that these capabilities are fully embedded within our ISO/IEC 27001:2022 certified Information Security Management System (ISMS).
This international standard includes stringent requirements for risk management, business continuity (Clause 6.1.2, A.5.29-A.5.31), and disaster recovery planning (A.5.30), all of which have been independently audited as part of our certification process.
Our controls and procedures are regularly reviewed, tested, and updated to ensure the resilience of our systems and services, including QUOODA®, in the event of a disruption.
Country Security
We monitor activity on our network for any signs of an attempt to attack or force access. Countries and regions where this behaviour is prevalent have additional security measures placed upon them. If you access the system from one of these countries, you will need to ‘Verify you are human’.
Additional Information
If you have any further questions relating to information security, please submit a request to our support team detailing all specific enquiries.