Security at FyfeWeb
- Encryption: Data is encrypted in transit and at rest
- Vetting & Background Checks: Anyone working for or with us is required to undergo regular
vetting and background checks
- Auditing, Logging & Alerting: We conduct regular internal audits, maintain staff
access logs for all portals, systems and services as well as employing a broad alerting system.
- Access Control: Sophisticated Physical & Digital Access Control is employed throughout
our data centre points of presence, websites, databases, data storage facilities,
systems and services.
- Business Continuity: We have in-place a business continuity plan that outlines the
process and procedure
- Policies & Procedures: We maintain company-wide policies and procedures which
govern how we operate and how we respond to different situations
- And Much More...
We recognise that our Customers’ information must be well managed, controlled and protected. To that end, We have a team that oversees FyfeWeb’s information security program, which encompasses high-quality network security, application security, identity and access controls, change management, vulnerability management and third-party penetration testing, log/event management, vendor risk management, physical security, endpoint security, physical security, governance & compliance, and HR security, disaster recovery and a host of additional controls.
Our infrastructure is protected by many mechanisms and controls, including firewalls and access control, with scans performed regularly to prevent or ensure that any exposed vulnerabilities are quickly found and patched and complete penetration tests are performed regularly. Customer data is processed at locations throughout the UK, access to systems is restricted to specific individuals based on “need to know” principles and monitored and audited for compliance. We use Transport Layer Security (TLS) encryption (also known as HTTPS) on all websites, for all customer data transfers, and customers can elect to have all their data encrypted at rest. Our Services are solely hosted and managed in-house, and data centres we use are independently audited to ISO 9001 & ISO 27001 and Tier III (3) Standards. To ensure that we maintain the highest possible levels of information security, FyfeWeb internally conforms to ISO 27001 & ISO 9001 and has procured auditing solutions from reputable third party auditors, whom audit our information security practices annually under the UK Government Cyber Essentials standards.
If you are a customer we ask that you ensure that your administrators of the Services ensure sound security practices in maintaining access credentials to your instance of the Solutions, including strong account passwords and access restrictions to your accounts to authorised persons. Where customers become aware of a compromise to any of their account credentials, we ask that you notify us immediately by contacting our Support Team.