Secure data storage Data that arrives by SFTP is automatically moved from the perimeter network to the core network. Once sensitive data has arrived on the core network, it is isolated through the use of network security permissions. This, coupled with tightly administered user accounts, ensures that sensitive data is only accessible to those who need temporary access to it as part of there job function. Network security ensures only a limited subset of users can access Client data. This group is tightly controlled to users who require access as part of their job function. At the time a client data file is used to print a job, a ‘return file’ can be generated. This file will outline every entry in the client data file that was printed. This can be supplied to the client who can then reconcile the ‘return file’ to the original print file; any modification would be highlighted at this stage. Network security is audited by our ISO27001 auditing body, 3rd party security specialists and internal ISO27001 auditors. This ensures we maintain the confidentiality, integrity and availability of you data and our ISO27001 accreditation. Information security ISO27001 As part of our cheque printing accreditation with the Cheque and Credit Clearing Company (C&CCC), certification to ISO27001 is a requirement. Our production facility has held ISO27001 Certification for 6 years. It addresses the security of information in whatever form it is held, from prid or electronically stored, to that transmitted by post or email. Whatever form the information takes, or means by which it is shared or stored, ISO27001 helps an organisation ensure it is always appropriately protected, in terms of: Confidentiality – ensuring that access to information is appropriately authorised Integrity – safeguarding the accuracy and completeness of information and processing methods Availability – ensuring that authorised users have access to information when they need it The basic objective of the Standard is to help establish and maintain an effective information management system, using a continual improvement approach. Business continuity Power A full diesel generator is installed on site that can supply an uninterrupted power supply to all equipment in the event of a power failure. Data communications 1 x SDSL connection, 1 x ADSL connection and 1 x ISDN Internet connection provided by two Internet Service Providers ensure uninterrupted data transmission at our production facility. In addition, further backup communication links are in place at Critical Mail Continuity Services Ltd (CMCS). Data storage / processing All data is held on fault tolerant drive assemblies. These hard drive arrays have built in redundancy which ensures no single drive failure could result in the loss of data. All data is regularly backed up and held off-site. Backup systems are in place for all major IT Infrastructure components. Our production facility conducts regular risk analysis and testing exercises to ensure business continuity measures work according to plan. ISO27001, titled “Information Security Management – Specification with Guidance for Use”, is a specification for the management of Information Security. For more information on the standard you can visit www.iso27001security.com
11
Made with FlippingBook - professional solution for displaying marketing and sales documents online