HOW WE PROTECT DATA
We have put in place appropriate security measures to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
OUR SECURITY IS INDEPENDENTLY AUDITED
Relative Insight is ISO 27001 certified and is audited annually to ensure its compliance. ISO 27001 covers all aspects of information security and ensures we have the correct policies and processes in place for dealing with your data.
These policies include:
- Access Control and Management: who has access to our platform operations and how this access is managed
- Data Redundancy and Backup: how data is kept safe and stored in the event of adversity
- Change Management: how we make sure changes are tracked and properly reviewed from a security perspective
- Software Architecture and Development: we make sure security is considered at all stages of the development process
Relative Insight has a dedicated Security Officer, who oversees certification, compliance and data protection issues.
Internal information security forums are held at least once a year, where the company's security processes and compliance are reviewed and updated where necessary.
All of our services are in the cloud, and we only use established providers with the highest security certifications (ISO 27001, SOC, etc.). We do not run our own routers, load balancers, DNS servers, or physical servers when delivering our services to you.
We take pride in our application security, and consider it throughout the development and deployment process.
- Training and Review – Code is reviewed by a senior engineer with security best practice training before being deployed to production systems.
- Automated Testing and Build Processes – We have an extensive set of automated testing procedures that are run for every code change.
- Software Dependencies – Relative Insight keeps up to date with software dependencies and has automated tools scanning for common security issues.
- Development and QA Environments – These environments are separated physically from the Relative Insight production environment. No customer data is ever used in development or QA environments.
- User Logins – User passwords are one-way encrypted and salted before being stored in our database.
- Penetration Testing – Relative Insight performs regular penetration test audits with a contracted third party.
Data in Transit
All data transferred in and out of Relative Insight is encrypted using hardened TLS. Relative Insight is also protected by HTTP Strict Transport Security and is pre-loaded in major browsers.
Relative Insight will only access your data as part of addressing a support query or if we have been commissioned to provide professional services around it (i.e. an analysis project). In these cases, only the relevant and senior staff within Relative Insight will have access to the data.