Protecting Your Data, Supporting Your Systems.
Ensuring the security of our product involves strong application security and encryption practices. Data is safeguarded through encryption both at rest and during transit, using industry-standard encryption algorithms.
Routine security assessments identify and address potential vulnerabilities within the application, contributing to a secure environment for our users.
Cybersecurity is a foundational element of our defence strategy, where we implement wide-ranging security measures, including firewalls, safeguards against distributed denial-of-service (DDoS) attacks, intrusion detection and prevention systems, secure network architecture and NGAV (Next-Generation Antivirus) for threat detection and response.
Proactive threat intelligence is used to stay ahead of evolving cybersecurity risks, providing a resilient defence against malicious activities and other network-based threats, ensuring the integrity and availability of our services.
To maintain a proactive security posture, we undertake regular testing and threat assessments. This includes penetration testing, vulnerability scanning, and code reviews.
The results guide our ongoing efforts to enhance security controls and address emerging threats promptly, ensuring a robust and resilient threat defence.
Our data centres and infrastructure are located in secure facilities with restricted access.
Surveillance, access controls, and environmental monitoring are in place to protect against unauthorised physical access and potential threats to the physical infrastructure.
We implement various measures to secure customer data throughout its lifecycle, including encryption during transmission and storage.
To mitigate the impact of data loss or system failures, we employ data backup and recovery mechanisms to quickly restore data and services in the event of an unforeseen incident, ensuring business continuity and data integrity.
We will comply with data protection regulations like GDPR (General Data Protection Regulation) to safeguard user data and maintain our high standards of privacy and security.
A paramount focus is placed on ensuring the security of payment transactions and protecting customer financial data. We adhere to the Payment Card Industry Data Security Standard (PCI DSS), implementing stringent measures to secure cardholder information.
Our commitment includes the use of encryption, secure coding practices, and regular security assessments to meet and often exceed PCI DSS requirements.
By maintaining PCI DSS compliance, we provide a secure and trustworthy environment for processing payments, instilling confidence in our customers and partners regarding the protection of sensitive financial information.
PCI DSS v4.0.1
VALIDATED
To cultivate a security-focused culture within our organisation and meet compliance requirements, we regularly conduct training and awareness programs for employees. Professional development courses are also offered to support our compliance efforts.
This ensures that all individuals involved in product development, maintenance, and operation are well-versed in best practices, minimising the risk of human errors that could lead to vulnerabilities and enhancing the overall security and integrity of our operations.
Our disaster recovery plan is designed to mitigate the impact of catastrophic events. This plan encompasses backup strategies, data recovery processes, and infrastructure redundancy.
Regular testing and simulations of various scenarios are conducted to validate the effectiveness of our procedures. This proactive approach ensures that, in the event of a disaster, our systems can be restored efficiently, safeguarding data integrity with minimal impact on our users.