Your security questions answered

You can read our security overview, know that we are GDPR compliant, but some of you will have specific security questions you'd like the answer to.

So we've compiled a list of short answers to help you complete those internal security questionnaires.

✅ YES, absolutely!

It's a big resounding yes to all the following questions:

• Is data encrypted in transit over HTTPS?
• Is data encrypted at rest?
• Is data hosted in the EU?
• Are passwords hashed and salted?
• Do you conduct regular vulnerability scans?
• Have you had an external penetration test?
• Do you have remote backups?
• Are backups encrypted?
• Do you have a Web Application Firewall?
• Do you have protection from DDoS attacks?
• Is Database access firewalled and user restricted?
• Do staff have to sign confidentiality agreements?
• Do you do regular software updates?
• Do you have a publicly disclosed change log?
• Do you monitor and disclose service uptime?
• Are hardware devices on laptops encrypted?
• Do you host in the cloud, with Microsoft Azure?
• Can I have audit reports for account activity?
• Can I take backups of our data to Excel?
• Do you provide an up to date list of 3rd party processors?
• Are you Cyber Essentials accredited?
• Can we use Single Sign On?
• Do you offer 2FA?

❌ NO, absolutely not.

And a no to these questions:

• Do you store debit/credit card details?
• Do you store data outside the EU?
• Do you sell data?