Warning: session_start(): open(/var/opt/remi/php74/lib/php/session/sess_lh8k83gd7q9nigho87ie7k9hjf, O_RDWR) failed: Permission denied (13) in /var/www/selectabase-build/wp-content/plugins/selectabase/selectabase.php on line 91

Warning: session_start(): Failed to read session data: files (path: /var/opt/remi/php74/lib/php/session) in /var/www/selectabase-build/wp-content/plugins/selectabase/selectabase.php on line 91
TOMS -

Technical and Organisational Measures

Technical and Organisational Measures Including Technical and Organisational Measures to Ensure the Security of the Data.

1.Security of Storage
1.1Measures for the protection of data during storage
Data is encrypted, securely stored and password protected
1.2Measures for ensuring physical security of locations at which personal data are processed
Selectabase offices can only accessed by authorised personnel. Identification required on entry. Key code and locked doors with security systems and alarms.
1.3Measures for ensuring limited data retention
Data is automatically deleted in line with the Company Data Retention Policy
1.4Measures for ensuring data minimisation
Selectabase ensure they collect no more data than is necessary for business need
2.Security of Transmission
2.1Measures for the protection of data during transmission
Data in transit is encrypted
3.Security of Processing:
3.1Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
The tools in use include but are not limited to, Firewalls at all internet borders, IPS (Intrusion Prevention System) at all internet borders, WAF (Web Application Firewall) protecting all web applications, Anti-virus systems, responding to and reporting on incidents, etc.
3.2Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
Alerts are sent to the relevant team to investigate.
3.3Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
We are regularly audited to ensure compliance with data processing, legal, statutory, and regulatory compliance obligations.
3.4Measures for certification/assurance of processes and products
Selectabase demonstrates its security maturity and evidences the measures we have in place by being externally audited and accredited with all relevant certificates.
3.5Measures for ensuring events logging
All related servers can only be accessed directly via Gravitational Teleport, ensuring all interactions are logged. All access logs on hosted servers and virtual machines on their hosting platforms.
4.Organisational security measures
4.1Measures for allowing data portability and ensuring erasure
We have a dedicated Team that provide data subjects access to their data as the gateway to all other data subject rights, including the right to data portability and deletion. Ensuring the relevant checks are made to ensure the details are only provided to the data subjects.  
4.2Measures for user identification and authorisation
All users are assigned individual unique username and password sharing is prohibited. Access to data is only provided to those who need access to complete their role. Access is provided at the level of least privilege and is regularly reviewed
4.3Measures for internal IT and IT security governance and management
All requests for alteration to the systems are submitted though relevant systems. All requests are evaluated by the IT department and assigned to the relevant projects, with a relevant task when applicable. The IT department follows secure coding practices in its code development processes.
4.4Measures for ensuring data quality
Updates are provided monthly to ensure the most up to date and accurate data is present. Also performing regular data cleansing exercises to improve the data quality.
4.5Measures for ensuring accountability
Accountability is owned by the senior management who sit at board level. Adherence with information security policy suites is controlled and monitored via clear lines of escalation, from junior management all the way up to board level management.
5.Technical security minimum requirements
5.1Measures of pseudonymisation and encryption of personal data
 All data is encrypted with AES 256 at rest and TLS 1.2 for data in transit. All backups are encrypted using a 4096bit RSA Keys
5.2Measures for ensuring system configuration, including default configuration
 Configuration of all end user devices, servers and network infrastructure is carried out in accordance with best practise system hardening guidelines. Access can be withdrawn at any point by management.
X

Request Callback

Please note calls may be recorded for training and quality purposes

    We handle your information in accordance with our Privacy Policy

    This service is available during office hours between 9am and 5:30pm Mon-Fri