Security Statement

If you need sensitive data to be accessible both inside and outside of your network, across a range of devices, then the first and most important consideration is finding a completely secure place to house that data.

Cloud Dialogs gives you this as our platform is hosted in one of the most secure data centres in the country, certified and continually audited to financial services / on-line banking standards.

Having ensured that the permanent data store is as secure as can be achieved, the other solution components then work to make sure that security is never compromised.

Key components are as follows;

Solution Architecture

– within the Cloud Dialogs platform all customer data is kept separate and access to each account is restricted and controlled. Strong password policies are applied for all user access.

2-factor authentication

– is enabled on all accounts, you can set security policies so that all user access to the system’s Web interface requires 2-factor authentication. When a user logs in with their username and password the system automatically e-mails or texts them an access code which is unique for the session. Even if someone knows you username and password they cannot access the system without access to your e-mail or phone.

Network Connections

– the only link from your network is a single, encrypted, outbound connection to a fixed point on our network, so at no point do you allow any inbound connection and at no point are any mobile devices directly connected to your network. The integration component supplied by Cloud Dialogs can reside in the DMZ or behind your firewalls, and can access our servers directly or via a proxy.

The integration component is based on open standards and can fit into any organisations pre-existing IT policy.

Device Security

– wherever data is help on mobile device that data is encrypted. All data connection between devices and our servers uses HTTPS so that data is encrypted at all times. Data is only held on the device for the duration of the visit, as soon as the related visit is completed the data is completely deleted from the device.

Device Management

– data held on a mobile device is kept to a minimum, devices can be remote wiped and disabled if lost or stolen

Data Centre Information

– our servers are within Rackspace’s fully managed datacentre in London,  are pro-actively and continuously monitored to detect security threats and address them in the fastest possible time, 24 x 7 x 365.

Servers are routinely patched to ensure any known security risks are addressed. Our data centres are engineered with fully redundant connectivity, power and HVAC to avoid any single point of failure. Multi-level security systems ensure that only data centre Operations Engineers are physically allowed near your routers, switches and servers.

Our data centres have the largest multi-homed self-healing network available in any UK data centre. The network also incorporates a patented Intrusion Detection System (IDS) to protect against external threats

All servers have a 100% power, 100% network uptime guarantee

Our data centres are accredited to PCI DSS, ISO27001, and ISAE 3402 Type II SOC 1 standards, ensuring your sites and applications are secured by the best processes and technologies.

ISO 27001

Is an international standard that defines an Information Security Management System which, being auditable, is a test of an organisation’s controls. Information Security Management Systems (especially those based on recognised standards such as ISO 27001, COBIT, ITIL, etc.) are the foundation for sustainable security.

A full reassessment is required every 3 years, and surveillance audits which review a section of the ISMS are performed every 6 months.

ISAE 3402 Type II SOC 1

A full reassessment is required every 3 years, and surveillance audits which review a section of the ISMS are performed every 6 months.

PCI Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry Security Standards Council (PCI SSC)