www.staffcircle.com
Security Policy
Revision 1.2b
2018
AZURE CLOUD PLATFORM
• Hosted in UK-based Microsoft data centres (UK South and UK West)
• Data centres compliant with ISO 27001, ISO 9001, HIPAA, FedRAMP, SOC 1 and SOC 2
• European data centre locations also available
• Jurisdiction-restricted processing
• Highly secure cloud-based SaaS offering

MULTI-TENANCY
• Multi-layer tenant data segregation
• Each tenant runs on a separate domain
• Customer maintains control over their tenant

CUSTOMER CONTROLS ACCESS
• Role-based permissions via the Admin Dashboard
• Optional integration with your existing identity management, for example Active Directory
• SAML 2.0 interface to Single Sign-On and Active Directory
• Access control reporting built into the platform

FULL ENCRYPTION & SECURITY
• Mobile and web app data encryption
• Uses AES-256 and TLS 1.2 encryption
• Data is encrypted at rest and in transit
• VPN-only access to production systems
• Regular third-party penetration tests help identify and remediate vulnerabilities

REGULATORY COMPLIANCE
• UK Data Protection Act
• General Data Protection Regulation (GDPR)
• Data Protection Agreement with customers
• In-house Data Protection Officer

HIGH AVAILABILITY AND SCALABILITY
• Highly available clustered platform with planet-wide scaling ability
• Contractually binding 99.9% availability with service credits
• Our platform availability is monitored by a third party from outside our network
INTRUSION DETECTION AND DDOS MITIGATION
• Intrusion detection and prevention processes are performed by our hosting provider, Microsoft Azure, to ensure the maximum security of the StaffCircle platform. Distributed Denial of Service (DDoS) attacks are mitigated by our hosting provider, Microsoft Azure, to ensure the maximum uptime of the StaffCircle platform.

LOGICAL AND PHYSICAL ACCESS TO PLATFORM
• Logical access to the StaffCircle production systems is restricted to our core operations team, and we log and monitor access to the systems on a regular basis. Our systems are protected by various layers of security, including VPN access gateways, and authorised personnel are granted access only using two-factor authentication.
• Physical access to our platforms across the two Azure data centre locations is strictly controlled by Microsoft Azure security teams.

AVAILABILITY, RECOVERY AND SURVIVABILITY
• All StaffCircle customers are guaranteed 99.9% uptime of StaffCircle platform services.
• Platform services include mobile, web and PC access to platform services for end users and administrators.
• Platform service availability is monitored by external automated systems and reported at our service portal at https://status.staffcircle.com
• Our core systems are redundant, meaning that if one component system fails there is always another available to take over. This is achieved using either clustering or failover strategies. Each core component on our platform is built using these strategies, which minimises the impact of any such failure.
• Our platforms are backed up to an off-site location a minimum of three times per 24 hours. In the extremely unlikely event of a catastrophic system failure, complete failure of the storage layers or loss of an entire data centre, we will trigger our disaster recovery procedures, which involve bringing up our DR cluster and re-importing backup data from one of the three daily backups.

APPLICATION SECURITY AND DEVELOPMENT QUALITY
• Application and platform are externally tested (pen tested) with annual certification.
• Our code base has a high level of unit testing and we conduct peer reviews on code changes.
• We separate our development, test, UAT (user acceptance testing) and production environments.
• We implement automated builds and continuous integration.
• We operate in an Agile Scrum development environment.
• We pioneered "SecureField" technology, enabling two-factor authentication on individual fields.

DATA PROTECTION AND CONFIDENTIALITY
• We adhere strictly to relevant UK and European data protection laws, including GDPR.
• All employees sign a confidentiality agreement to protect customer data.
• We do not share any client data with any third party.