At WillisPalmer, we believe a secure and robust data process is paramount to providing reliable, effective and consistent service. We pride ourselves on our data security and the processes we have in place to ensure all data held by us and our staff is completely secure.
General Data Protection Regulations (GDPR)
What is GDPR? GDPR came into force on 25th May 2018 and is centred around the protection and privacy of personal data. In short, it states that all personal data must:
- Be processed lawfully, fairly and transparently
- Be adequate, relevant and limited to what is necessary
- Be accurate and kept up-to-date
- Be kept in a form such that the data subject can be identified only as long as is necessary
- Be processed in a manner that ensures its security
- Be collected only for specified, explicit and legitimate purposes
With that in mind, when we share data with third parties, we do so under a written agreement to ensure our data security standards are met. We don’t and won’t pass your contact details on to third parties for marketing purposes.
Egress Software Technologies
What is Egress? Egress delivers a highly scalable and robust security infrastructure. As the backbone of the secure collaboration service, Egress Software have invested a great deal of time and resources into ensuring Egress is the most secure and scalable service on the market today.
To maintain our robust data security, we use Egress (secure data exchange) to allow us to communicate via an encrypted email system where necessary. This encrypts the email, its contents and any attachments or data included, meaning both internal and external recipients are protected.
What is our secure workspace? It’s an online collaboration and file-sharing system with desktop integration, real-time online editing, detailed auditing and access management. The workspace secures data at rest and in transit using AES 256-bit encryption.
With secure online file sharing, we stay in control of users and their access. It uses multi-factor authentication and is integrated with MS Outlook, Office and all staff devices. It allows us to give access to relevant parties and to control what can be seen, edited or downloaded. We can also instantly revoke access and destroy files.
The infrastructure of our server is reliable and secure. We back up our server data, giving us continuity of service in the event of hardware malfunctions. We secure all back-ups in a fire-proof safe. Our server is maintained and protected by our external computer services provider, ensuring our data cannot be compromised and protecting us from the latest threats.
We use a device encryption system called DESlock+ Pro which protects desktops, laptops, mobiles and removable devices. It offers 360-degree protection of data, wherever it might be. DESlock+ provides both pre-boot authentication and fast and transparent data security. Strong, FIPS-compliant, 256-bit encryption prevents endpoints from compromising corporate network security whilst protecting us from the horrors of a lost device, which could result in a data breach.
In the unlikely event of device loss, all WP staff devices can be remotely wiped entirely of all data.
DESlock+ encryption software is validated to US Federal Information Processing Standard FIPS 140-2 level 1: Triple DES (validation number 790), AES (Advanced Encryption Standard Algorithm, validation number 1042), SHA (Secure Hash Algorithm, validation number 992) and RNG (Random Number Generators, validation number 593). DESlock+ deletes data to the DoD-5220.2 M standard, ensuring that it is completely unrecoverable. DESlock+ is part of ESET, a global IT security solutions provider.
Case Management System
We use a secure, web-based case management system named CRM. A bespoke system based on the Sage CRM platform, it allows us to report on data and to securely remove and destroy files as and when necessary. What’s more, it allows us to keep our records up to date and accurate.
Paper Files and Destruction
Although we aim to be as paperless as possible, we appreciate this isn’t always the most suitable option. This is why we have lockable filing cabinets to store sensitive or private information.
Once paper files are no longer required, they will be suitably destroyed. Destruction should be carried out in a way that preserves the confidentiality of the record.
Non-confidential records, i.e. records that are clearly in the ‘public domain’, can be placed in ordinary rubbish bins or recycling bins. Confidential records should be shredded or placed in the confidential waste for collection by our approved disposal firm: CAS Advanced Shredding, ISO 14001:2004, Cert 14126178, ISO 15489-1:2001, Cert 14126168.
All copies including security copies, preservation copies and backup copies should be destroyed at the same time in the same manner.