Security | gather360

Customer trust and data security underpins our business

Effective use of data is not only important to our customers it’s critical to us as a business.

We work with a team of specialists to ensure we can provide our customers the assurance they need that their data and information is safe and secure. We continually work towards operational excellence and meeting ISO 27001 security standards.

Organisations and standards that we align to

Network & Application Security

Data Hosting and Storage

gather360 services and data are hosted in Microsoft Azure facilities in the EU.

Failover and DR

The gather360 Data platform and associated services were built with disaster recovery in mind. Our data is hosted across multiple regions in the EU which ensures business continuity with minimal downtime.

Permissions and Authentication

Access to data is limited to authorised employees who require it for their job.

Backups and Monitoring

gather360 have back-up policies and procedures in place to maintain required application data.

Encryption

gather360 is served 100% over https using 256 bit encryption. Our API and application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs‘ tests. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.

Pentests and Vulnerability Scanning

gather360 uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues. We engage third-party security experts to perform detailed penetration tests on the gather360 application and infrastructure.

Product Security

Incident Response

gather360 has procedures in place for security events which includes escalation procedures, rapid mitigation and post mortem.

2FA

If you’re using password-based authentication, you can turn on 2-factor authentication (2FA) for your organisation.

Permissions

We enable role-based permission levels within the app.

Password and Credential Storage

gather360 enforces a password complexity standard and stores passwords using a hashing function.

Additional Security Features

Data Protection Officer

We have an appointed Data Protection Officer to oversee and advise on our data management.

Training

All employees complete Security and Awareness training annually.

Policies

gather360 has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Employee Vetting

gather360 performs background checks on all new employees in accordance with local laws.

Confidentiality

All employee contracts include a confidentiality agreement.