{"id":4528,"date":"2018-04-13T14:28:21","date_gmt":"2018-04-13T13:28:21","guid":{"rendered":"https:\/\/cybersmart.com\/?page_id=4528"},"modified":"2022-04-11T09:53:22","modified_gmt":"2022-04-11T08:53:22","slug":"security","status":"publish","type":"page","link":"https:\/\/cybersmart.com\/security\/","title":{"rendered":"Security"},"content":{"rendered":"\n
<\/p>\n
CyberSmart is dedicated to empowering and improving not just the security of our customers but our own – we take our own security very seriously. Our highly trained security experts work alongside external professionals to ensure a robust and adaptive security program that extends throughout the organisation and into our customers.<\/span><\/p>\n We practice what we preach by maintaining Cyber Essentials<\/a> and Cyber Essentials Plus<\/a> certification and have also achieved independently certified ISO 27001, the global information security benchmark. Our Information Security Management System (ISMS) focuses on the confidentiality, availability and integrity of the data and products of our company, our people and our customers.<\/span><\/p>\n If you have any questions or would like to responsibly disclose a possible security finding, please reach out to us at <\/span>security@cybersmart.co.uk<\/span><\/a><\/p>\n We make sure your information is always kept secret and private.<\/span><\/p>\n We ensure the completeness, consistency, and accuracy of the data over its lifecycle.<\/p>\n We ensure the right information is available to the right person at the right time.<\/span><\/p>\n All CyberSmart employees undergo thorough background and identification checks from previous employers. 
We seek to minimise human risk and maintain the trust of our customers and partners.\u00a0<\/span><\/p>\n All CyberSmart employees undergo a regular internal security awareness training program which is delivered and monitored by our security experts.<\/span><\/p>\n In order to design and operate our platform, we utilise qualified security professionals with recognised certifications in technical security architecture as well as governance, risk, and compliance.<\/span><\/p>\n We utilise segregation of duties alongside the principle of least privilege for employees so we can confidently ensure access is limited to only those that need access to data and systems, for a specified purpose and duration.\u00a0<\/span><\/p>\n Our Information Security Management System (ISMS) requires us to determine information security risks and then choose appropriate controls to handle them.\u00a0<\/span><\/p>\n As a security company, we maintain the highest standards of information security and thus we apply controls across all 14 domains of ISO 27001, namely:<\/span> We utilise the most secure and resilient infrastructure from AWS which ensures servers are always patched and up to date.<\/span><\/p>\n Web servers store no sensitive information – this is retrieved from an AES-256 encrypted database accessible only within the virtual private cloud. Automated security tests are performed internally across the codebase on every commit. 
External automated web application security testing is performed daily.\u00a0<\/span><\/p>\n In addition, we undertake annual third-party security audits with certified security auditors including web, desktop and mobile application penetration tests to ensure comprehensive coverage.<\/span><\/p>\n Our policies on customer data, contracts and agreements can be found below:\u00a0<\/span><\/p>\n Terms & Conditions: End-user license agreement<\/strong><\/p>\n https:\/\/cybersmart.com\/terms\/<\/span><\/a><\/p>\n Privacy Policy<\/strong><\/p>\n https:\/\/cybersmart.com\/privacy\/<\/span><\/a><\/p>\n Partner SLA<\/strong><\/p>\n https:\/\/cybersmart.com\/partner-sla\/<\/span><\/a><\/p>\n Application Data (CyberSmart Active Protect)<\/strong><\/p>\n https:\/\/help.cybersmart.com\/portal\/en-gb\/kb\/articles\/what-data-does-the-cybersmart-software-collect<\/span><\/a><\/p>\n We adopt principles of <\/span>Secure by Design<\/span><\/a>, including:\u00a0<\/span><\/p>\n We use encryption in all of the following scenarios:<\/span> We host data in multiple availability zones\/regions in order to maximise availability. Within the UK production environment, this includes the UK and Ireland regions. For European production environments, this is hosted within the country if available and within the nearest EU data centre if not. The exception to this is Cyber Essentials data, which is hosted exclusively within the UK.<\/span><\/p>\n Where possible, we deploy a High Availability (HA) architecture to ensure resilience with automated failover to provide uninterrupted service.<\/span><\/p>\n We operate a mature secure software development life cycle (SDLC), which includes but is not limited to:<\/span><\/p>\n This is an overview of the security measures we take to assure our customers and ensure we maintain the integrity, confidentiality and availability of data. 
If you have any further questions, please reach out to us at <\/span>security@cybersmart.co.uk<\/span><\/a>\n","protected":false},"excerpt":{"rendered":" Security at CyberSmart CyberSmart is dedicated to not just empowering and improving the security of our customers, but for ourselves – we take our own security very seriously. Our…<\/p>\n","protected":false},"author":4,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"footnotes":""},"yoast_head":"\nISMS Security Values\u00a0\u00a0<\/b><\/h2>\n
<\/h3>\n
Confidentiality\u00a0<\/b><\/h3>\n
Integrity\u00a0<\/b><\/h3>\n
Availability\u00a0<\/b><\/h3>\n
People<\/b><\/h2>\n
<\/h3>\n
Background Checks\u00a0<\/b><\/h3>\n
Training\u00a0<\/b><\/h3>\n
Security Expertise<\/b><\/h3>\n
Minimised Access\u00a0<\/b><\/h3>\n
Process<\/b><\/h2>\n
<\/h3>\n
Information Security Management System\u00a0<\/b><\/h3>\n
\n<\/span><\/p>\n\n
Cyber Resiliency, Business Continuity, and Disaster Recovery\u00a0<\/b><\/h3>\n
Customer Data, Contracts and Agreements\u00a0<\/b><\/h3>\n
Technology\u00a0<\/b><\/h2>\n
<\/h3>\n
Secure by Design\u00a0<\/b><\/h3>\n
\n
Encryption\u00a0<\/b><\/h3>\n
\n<\/b><\/p>\n\n
Data Centers<\/b>
\n<\/b><\/h3>\nDevelopment, Security & Operations (DevSecOps)\u00a0<\/b><\/h3>\n
\n