Our Data Security Policy



Data security and confidentiality are our highest priorities



We take our obligations as custodian of our clients' data extremely seriously.  We abide by both the letter and the spirit of the Data Protection Act to ensure that records are kept or destroyed in accordance with the law in service of our clients.

We are fully computerised and all of our computer records are encrypted to the extent that even if nefarious parties were able to steal them, they would be useless to them. Paper copies of all documents containing client data are scanned to encrypted media and then either destroyed (if ours) or returned to our clients.

We use digital signing to verify our email so that our clients and any companies we communicate with on behalf of our clients can be assured of the validity of messages. We also use encryption whenever sending or receiving any client information by email - this ensures that if the email goes astray or is intercepted en route it is useless without the relevant passphrases. We don't often exchange information with clients by email, but if you want us to email you anything important we'll help you ensure it's secure.

If you'd like to know more about data encryption you can read about it on Get Safe Online's "Use Encryption" page or the Information Commissioner's Office's "Our Approach to Encryption" page.






Disaster Recovery




We back up all our data incrementally both on-site and off-site in encrypted form, ensuring that in the event of fire or flood we would be able to restore service to our clients promptly. 

We have a disaster recovery plan in place and we engage a locum adviser firm which would take over servicing our clients if we were unable to.






Computer Security




We use the Debian GNU/Linux operating system almost exclusively and we try to use Free and Open Source Software wherever possible. We do this because, when compared to some proprietary systems, we believe this is more reliable, allows us a higher level of control and customisation, and is typically regarded as less susceptible to attack by malware like viruses and "trojans".

The overwhelming majority of viruses and other "malware" can only attack proprietary systems like Microsoft Windows. Although malware threats which can target other operating systems, including Debian GNU/Linux, do of course exist, they are far less common, hence we believe that using these systems reduces the risk of compromise. We use antivirus software on all of our systems and run daily scans and updates. We regularly update our software to ensure that it remains secure.

Some third-party websites and software providers require the use of proprietary systems and do not provide us with any alternative. In order to use these services for our clients whilst minimising risk, we run them within "virtual machines" - essentially we run a computer within a computer. This lets us do two things - firstly we can control exactly what information the proprietary systems have access to, and secondly when we've finished using them we can completely shut them down and switch back to Debian.

More information about Debian can be found here: www.debian.org




Get Safe Online




If you would like to know more about computer and internet safety, we'd recommend "Get Safe Online" which is the UK’s national internet security awareness campaign for the general public, micro and small businesses.  It is a joint initiative between HM government, the Serious Organised Crime Agency (SOCA), and private sector sponsors from the worlds of technology, retail and finance.

The campaign website www.getsafeonline.org is the definitive source of free, unbiased, current information and advice about how to keep safe and secure online.