Secure personal data in transit
- TLS in-transit encryption

Secure personal data at rest
- AES-256 object-storage encryption
- AES-GCM database encryption
- MFA
- IP-based access control lists
- Remote VPN endpoints
- Logging and auditing
- Intrusion detection

Secure personal data within data backups
- AES-256 backup encryption
- MFA
- IP-based access control lists
- Logging and auditing
- Intrusion detection
- Immutable backup vaults
- Continuous real-time backups
- AWS physical security

Authorised user identification and authorisation
- MFA
- SSO (SAML 2.0)
- Password policies
- User identification using unique IDs
- Logical separation of user data
- Detailed logging and audit control
- Granular permissions
- Ability to easily review and audit user access levels
- AWS physical security

Auditing and event logging
- Detailed system event logs
- Detailed audit logs of user access and all login attempts
- Customer-controlled event notifications
- Multi-tier logging within AWS infrastructure and applications

IT governance
- Cyber Essentials Plus certification
- Information security policy
- Data breach policy
- Security incident policy
- Data asset registry
- Security awareness training
- Monthly risk management meetings
- Change control sign-off and reviews
- OWASP training
- Secure code reviews

Employee training
- GDPR training
- Cyber security awareness training

Security testing
- Monthly vulnerability scans on all web-facing endpoints
- Annual independent penetration tests