Customer trust and data security underpins our business
Effective use of data is not only important to our customers it’s critical to us as a business.
We work with a team of specialists to ensure we can provide our customers the assurance they need that their data and information is safe and secure. We continually work towards operational excellence and meeting ISO 27001 security standards.
Organisations and standards that we align to
Network & Application Security
Data Hosting and Storage
gather360 services and data are hosted in Microsoft Azure facilities in the EU.
Failover and DR
The gather360 Data platform and associated services were built with disaster recovery in mind. Our data is hosted across multiple regions in the EU which ensures business continuity with minimal downtime.
Permissions and Authentication
Access to data is limited to authorised employees who require it for their job.
Backups and Monitoring
gather360 have back-up policies and procedures in place to maintain required application data.
Encryption
gather360 is served 100% over https using 256 bit encryption. Our API and application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs‘ tests. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.
Pentests and Vulnerability Scanning
gather360 uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues. We engage third-party security experts to perform detailed penetration tests on the gather360 application and infrastructure.
Product Security
Incident Response
gather360 has procedures in place for security events which includes escalation procedures, rapid mitigation and post mortem.
2FA
If you’re using password-based authentication, you can turn on 2-factor authentication (2FA) for your organisation.
Permissions
We enable role-based permission levels within the app.
Password and Credential Storage
gather360 enforces a password complexity standard and stores passwords using a hashing function.
Additional Security Features
Data Protection Officer
We have an appointed Data Protection Officer to oversee and advise on our data management.
Training
All employees complete Security and Awareness training annually.
Policies
gather360 has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Employee Vetting
gather360 performs background checks on all new employees in accordance with local laws.
Confidentiality
All employee contracts include a confidentiality agreement.