Date: 10 April 2017
We take security very seriously here at CybSafe. And for good reason: every person and team using our product expects their data to be protected and secure. We understand how important the responsibility of safeguarding this data is to our customers, and we are proud to exceed the industry standard when it comes to protecting your organisation.
We combine enterprise-class security features with comprehensive audits and penetration tests of our platform to ensure customer and business data is always protected. And our customers rest easy knowing their information is safe, their interactions are secure, and their businesses are protected.
We achieve this through ensuring that:
Some of the key security measures that are in place on the website and server infrastructure are:
Data centre and network security
We ensure the confidentiality and integrity of your data with industry best practices. CybSafe servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Data transfer uses strong SSL encryption (rated A+ by Qualys Labs).
We take steps to securely develop and test against security threats to ensure the safety of our customer data.
In addition, CybSafe employs third-party security experts, who are Information Systems Security Professionals (CISSP, GIAC, IISP, TOGAF 9 certified), to perform detailed penetration tests on our platform.
Product security features
We make it seamless for customers to manage access and sharing policies with authentication and single sign-on (SSO) options. All communications with CybSafe servers are encrypted using industry-standard HTTPS over public networks, meaning the traffic between you and CybSafe is secure.
• Uses recognised frameworks with strong security credentials
• Follows strong security practices, e.g. login lockouts, password hashing with modern algorithms, protection against common attacks (CSRF, SQL injection, form tampering, etc.), data sanitisation, input validation
• Centralised access control lists restrict sensitive information to users that have permission to access it
• Minimal personally identifiable information stored for site users (restricted to user’s name, company, department and email address)
• Data transfer uses strong SSL encryption (rated A+ by Qualys Labs)
• Codebase integrity maintained through Git version control and rigorous testing
• All data hosted on dedicated servers by UKFast. The data centres are ISO 27001 certified, PCI-compliant and recognised as being at IL4 standard. The UKFast data centre is based in Manchester
Database content is backed up nightly, encrypted and stored remotely. Encrypted remote backups are stored in the Amazon S3 cloud (Ireland data centre). Remote backups are encrypted using a 256-bit Rijndael cipher. We apply a backup regime that means we can recover all CybSafe data at short notice should we need to. No data leaves the EU.
Business and IT Security Accreditations
We implement security best practices to meet not just industry-based compliance, but the most stringent requirements. Our hosting facilities maintain the following accreditations: