Customer trust and data security underpins our business

We work with a team of specialists to ensure we can provide our customers the assurance they need that their data and information is safe and secure. We continually work towards operational excellence and meeting ISO 27001 security standards.

Organisations and standards that we align to

Compliance

ISO:27001

gather360 is fully compliant with ISO:27001, and undertakes regular audit reviews of it’s processes. ISO 27001 is an information security standard created by the International Organization for Standardization (ISO), which provides a framework and guidelines for establishing, implementing and managing an information security management system (ISMS).

SOC 2

As of July 2023, gather360 is in the process of being assessed for compliance with SOC 2. SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data.

GDPR

gather360 is in full support of the General Data Protection Regulation (GDPR). GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens within the EU member states. The regulation enables EU citizens to request all the information a company has stored about them, in addition to giving them rights to request updates to this information and to request that personal information is removed from a company’s systems and removed from subprocessors who have handled their data. Please see our full Privacy Policy for more information.

Product Security

Permissions and Authentication

Access to data is limited to authorised to employees who require it for their job.

Pentests and Vulnerability Scanning

gather360 uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues. We engage third-party security experts to perform detailed penetration tests on the gather360 application and infrastructure.

2FA

If you’re using password-based authentication, you can turn on 2-factor authentication (2FA) for your organisation.

Permissions

We enable role-based permission levels for users within the app.

Password and Credential Storage

gather360 enforces a password complexity standard and stores passwords using a hashing function.

Data Protection

Encryption

gather360 is served 100% over https using 256 bit encryption. Our API and application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs‘ tests. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.

Data Hosting and Storage

gather360 services and data are hosted in Microsoft Azure facilities in the EU.

Data Protection Officer

We have an appointed Data Protection Officer to oversee and advise on our data management.

Incident Response

Failover and DR

The gather360 Data platform and associated services were built with disaster recovery in mind. Our data is hosted across multiple regions in the EU which ensures business continuity with minimal downtime.

Backups and Monitoring

gather360 have back-up policies and procedures in place to maintain required application data.

Policies

gather360 has procedures in place for security events which includes escalation procedures, rapid mitigation and post mortem.

Organisational Security

Training

All employees complete Security and Awareness training annually.

Policies

gather360 has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Employee Vetting

gather360 performs background checks on all new employees in accordance with local laws.

Confidentiality

All employee contracts include a confidentiality agreement.