Here at Rebmark, we take information security very seriously. We have had ISO 27001 accreditation since 2012 and were one of the first organisations to move over to the latest ISO 27001:2013 standard. We also believe very strongly in being transparent about how we approach our business, so if you have any questions, do not hesitate to get in touch. You can download our certificates for ISO 27001 and ISO 9001 here.
Where is my data held?
We have our own private cloud system here in the UK. These are dedicated servers owned by us and are colocated at one of UKFast’s datacentres in Manchester (MANOC6 to be precise). We have 100% power and connectivity SLAs with UKFast and multiple redundant systems to ensure that you can always access your data.
How are your servers protected?
Our servers are situated behind redundant firewalls that ensure only authorised access to the systems is permitted. All access attempts (successful and unsuccessful) are logged and we are notified of any unauthorised attempts to access our systems. Additionally, we run regular third-party penetration tests to ensure that our servers and firewalls are configured as intended and that there are no unintentional access points to our systems.
Is my data encrypted?
Yes, your data is always encrypted. It is encrypted at rest (which means that it cannot be accessed if someone managed to physically steal the servers and/or hard drives that it sits on) and it is encrypted in transit (which means that no one can read it if they intercept the data on the way to your computer). We regularly configure and test our sites to make sure that deprecated cipher suites are not usable, minimising vulnerabilities to your data.
Who has access to my data?
Access to data is only provided by authorised logins. You are able to share your data with other users of the system by entering their email address – but it is not possible to access the data in any other way. Where necessary for support, we will have access to your calculations, but we will not be able to see the name of your client or any of the narrative sections. If requested, we can restrict access to specific IP addresses so that your data can only be accessed from within your premises.
How frequently is my data backed up?
We have two backup systems. The first is instantaneous replication of all data to a second site so that we will always have an up-to-date copy in the event of a sudden and catastrophic failure. The second is a daily backup of the systems to off-site storage.
Compliance with the SRA
We have worked hard to ensure that our systems do not in any way impact on your ability to comply with your obligations to the SRA. Our data centres are in the UK and we can provide the SRA with access to your data on demand, ensuring that you can achieve outcome 7.10. Our security protocols ensure that outcome 4.1, covering client confidentiality, is achieved.
Do you offer on-site versions of your products?
We can provide on-site versions of our software. You will lose certain sharing functionality but other than that, the software will be exactly the same.