Hosting and Security
Hosting, Back-up and Data Security
Below is a brief overview of the main details, please enquire for specifics.
The E-Commerce Workroom host all our sites on UK based SSD servers, managed and configured by us.
Websites that handle payment online are all on on PCI DSS compliant servers. Servers are externally penetration tested regularly for any new issues.
The E-Commerce Workroom do not hold payment details for our clients and manage the security of the data transfer between the client website to the third party payment provider, who then hold responsibility for the security of that data.
The E-Commerce Workroom internally follow the guidelines set out by ISO 27002 for data security. These guidelines and principles include-
- Physical access to office environment restricted, reviewed and approved quarterly.
- Other than in public areas such as the reception foyer, and private areas such as rest rooms, visitors are escorted at all times by an employee while on the premises.
- All employees are screened prior to employment, including identity verification using a passport and two satisfactory professional character references are taken and kept on record.
- All employees formally accept a binding confidentiality and non-disclosure agreements concerning personal and proprietary information provided to or generated by them in the course of employment.
- All access keys and corporate assets are returned by any leaving employee as a condition of authorising their final pay.
- Generic or test IDs are not created or enabled on production systems unless specifically authorised by the relevant Information Asset Owners.
- Passwords or pass-phrases must be lengthy and complex, consisting of a mix of letters, numerals and special characters that would be difficult to guess.
- Passwords or pass-phrases must not be written down or stored in readable format.
- Users must either log off or password-lock their sessions before leaving them unattended and screensavers have an inactivity timeout of 10 minutes enabled on all workstations/PCs.
- Write access to removable media (USB drives, CD/DVD writers etc.) are disabled on all computers.
All live sites are backed-up remotely daily and websites are backed up at least once a month to a secure data storage unit held by the E-Commerce Workroom.