Glantus implement appropriate technical and organisational measures to maintain the security, confidentiality and integrity of Company Personal Data and ensure a level of security appropriate to the risk associated with the Processing activity, including, at a minimum, the measures referred to in Article 32(1) of the GDPR;
Implement and maintain appropriate security measures in accordance with good industry practice in the country or countries in which Vendor is Processing Company Personal Data and in accordance with the requirements of all Data Protection Laws; Use encryption methods to safeguard Company Personal Data while in transit; and
Regularly monitor compliance with such security safeguards and ensure that there is no material decrease in the level of security afforded to Company Personal Data during the duration of the Processing.
For US Customer Data please see a link for the Datacentres we use in Marlborough, MA which are ISO27001 and PCI DSS rated. The equipment located in the datacentre is wholly owned and managed by Glantus. Access to the equipment is managed by an approved lists of employees. Also we make extensive use of theMicrosoft Azure platform for EU/UK and US data with dedicated data stores in the country where the data originates.
All Communication to our infrastructure is fully encrypted using SSL/TLS to dedicated Frontend servers or services.
Servers holding any data, sit within a segregated Network, away from the frontend network housing the frontend servers. Communication between these networks is strictly controlled and there is no Direct access from the internet to the Network on which the Data resides.
All of the above sits behind a pair of Highly available, Load Balanced Firewalls, that protect the Exterior perimeter of the network and controls access between the individual network segments. At no point is unencrypted data transmitted outside the System.
Glantus user access to any systems/networks is further secured by the use of Multifactor Authentication where possible. Data is backed up nightly to an encrypted backup, and a test restore is performed every month on a random server and file selection. All of the above is monitored constantly for operational performance and anomalous behaviour is highlighted and alerted upon.
In addition, a Risk Committee meets at regular intervals to assess risk in various areas of the company including Information Security.