How is CIPHR securing customers’ data?
As a trusted processor of our customers’ data, CIPHR has always taken steps to ensure that the appropriate technical measures are in place to deliver a secure environment for our solutions. We are always looking to enhance our security measures and have incorporated multiple layers of encryption technologies, protective monitoring and auditing solutions.
Our applications and infrastructure are regularly assessed by both internal and external vulnerability and penetration-testing programs using our internal Certified Ethical Hacker (CEH) resources, as well as through a partnership with several external CREST-accredited penetration testing organisations.
CIPHR’s internal security forum, led by our head of information security, meets regularly to review all the security measures we have in place – including associated policies and procedures – to ensure they are maintained appropriately. The forum also creates and delivers regular training and awareness sessions relating to all areas of information security for all CIPHR employees. All CIPHR employees are also background checked to a minimum of the BS7858 standard.
All our technical measures, policies and procedures are externally audited by the British Standards Institute (BSI) each year to validate our ongoing compliance with the Information Security Management System (ISO27001:2013) framework, which we have maintained since 2014.
To ensure we are fully compliant with the GDPR we have invested in external training to ensure we have certified GDPR practitioners within the security forum. We have also conducted specific audits to confirm our data and documents, including policies and procedures, are compliant with both the ISO27001:2013 framework and the GDPR.
Latest GDPR resources
We would strongly recommend that you seek your own legal advice if you are unsure about the implications of data protection laws on your business.
The information contained on this website is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice. While we have made every effort to ensure that the information provided on this document is correct and up to date, CIPHR makes no promises as to completeness or accuracy and the information is delivered on an “as is” basis without any warranties, express or implied. CIPHR will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or reliance on this information, or from any action or decisions taken as a result of using this information.