ASOSH System Security
The ASOSH system hosts a significant amount of data for our clients which needs to be kept safe and secure. This has to be balanced with the need to allow employees to access data, often from mobile devices and whilst working in locations away from fixed offices. This increasingly includes homeworking and the use of Wi-Fi networks that may not be secure.
We provide an overview of the data security infrastructure we have in place to ensure that our system not only meets all regulatory requirements, but also extends to provide a high level of data security for our clients.
ASOSH uses a range of industry best practices to ensure data security. This includes:
Clients access the ASOSH system over the Internet, including via dedicated mobile apps on both Apple and Android devices. To ensure that data links maintain system security, the ASOSH system uses industry-leading encryption to protect our data and connections. The technical term for this encryption is TLS (1.1-1.2), using 2048-bit, SHA-256 certificates. Each interaction with the ASOSH system is protected by what are called unique session tokens – these enable us to check that each person who uses the system is properly protected and that there is a verifiable way of checking that this is occurring.
Network Access Controls
Access to the backend of our system, including the actual servers, is strictly controlled and limited to selected employees within our organization.
The servers that actually deliver our service are separated from those which we use for development and testing. This insulates them from any new developments until they have been thoroughly tested and also limits the number of our employees who need to actually access the live servers.
All access to our system servers is closely monitored and there is an ongoing log of all interactions so that we are able to go back and check who accessed the system, what they did and what data was transferred. All passwords are highly secure and changed regularly.
We use strict administrative controls. Access to customer data is restricted to authorized personnel. Access to production servers is limited to only Senior Level employees based on need, and all access is limited, logged and tracked for auditing. Employees in engineering, operations, and developer roles with access to production data have background checks as a condition of employment.
All employees are trained on information security and privacy procedures. At no time is any user data removed from ASOSH-owned computers, and ASOSH machines use appropriate technical measures, including full-disk encryption and VPN (Virtual Private Network) access, to ensure that user data remain secure.