Governance
Strong governance policies are at the heart of our everyday business. They are built into our client contracts and SLAs, so that clients know we mean what we say.
Security
Never before has our ‘no technical jargon’ promise been more relevant than in the area of security. It is easy to make broad and misleading statements in this area. Instead, we focus on actions that make a real difference to our customers and never stop trying to improve our approach.
Information security policies
As an IT company, we advise our clients on IT security every day, so you won’t be surprised that we take our own internal IT security very seriously. By this we mean things like secure access for our team’s devices and our back-office systems, enforcing two-factor authentication (2FA), strong passwords and other common-sense practices.
Certification
Cyber Essentials - We are certified under the UK Government-backed Cyber Essentials scheme [IASME-CE-044041], which means that we have met defined criteria for protecting our systems against common cyber threats and are committed to continuing to do so. You can find out more about Cyber Essentials and check our certification here.
ISO 27001 – Our approach to ISO 27001 certification is to focus on putting in place the processes and systems that actually make a difference while we work towards certification. For example, we invest significantly in security training across our team, and especially in our development team, who receive regular training from external experts on new security threats, likely attack methods and how to prevent them.
Product security policies
The nature of our products means that they are both essential to the everyday running of our customers’ businesses and hold customer data. The key to maintaining the security of our products is a regular testing process. So, we conduct penetration testing quarterly across our key products twiindata, twiinvoice and twiinworkspace. Testing is also built into the development and trialling of any new service or software upgrade.
The question of security is most prominent with twiindata, our data bandwidth management service, which we approach in two ways. Firstly, the penetration testing focuses on the cloud software element, checking that the system cannot be reached by unauthorised external parties. Secondly, the security of the physical network is unique to each customer, but our ability to push firmware patches to the system automatically, together with a continual audit of update status, helps keep a site secure from this perspective. Download our twiindata security policy here.
Fundamentally though, customer network security also comes down to the way in which the network is physically deployed and managed on the customer site. Think of it like buying a brand-new car with the best possible anti-theft security, and then leaving the keys in the ignition. If you leave a comms cabinet door open, or deploy a wireless access point incorrectly, your network security is compromised. Download our Best Practice Guide to IT Security here.
GDPR
Our data privacy policy is GDPR-compliant and can be accessed here. This policy is supported by internal systems and policies to ensure the privacy of our client data, which are embedded in the way we do business every day. The security distinction between our internal systems and our products (see the security policies above) is also relevant for GDPR: for our internal systems we are the data controller, and for our products we are the data processor.
Financial audit
As a part of the wider CP Holdings Group we are held to their high standards of financial process, reporting and audit.