Transition (the Supplier) follows and implements recommendations from various governing bodies regarding best practices around Cybersecurity. The Supplier is Cyber Essentials accredited and uses this membership to seek advice on best practices for Cybersecurity implementation.
Three Pillars of data security
IT Governance describes the principle that there are three pillars of data security:
People - Every employee needs to be aware of their role in preventing cyber threats. Cybersecurity staff need to stay up to date with the latest risks, solutions and qualifications.
Processes - Documented processes should clearly define roles, responsibilities and procedures. Cyber threats are continually evolving, so processes need to be regularly reviewed.
Technology - From access controls to installing antivirus software, technology can be utilised to reduce cyber risks.
These responsibilities are outlined below, along with brief explanations.
People - The Customer is responsible for training and managing employees to ensure that Cybersecurity best practice is followed to minimise vulnerabilities. These processes should be documented, recorded and reviewed regularly.
Processes - The Customer is responsible for their Processes. The Supplier documents their contribution within the Software Support and Maintenance agreement. Once the agreement has expired, the responsibility transfers back to the Customer.
If the Customer does not have their processes established, the Supplier can help deliver these through our Consultancy Service, for example the management of system passwords, regular password changes, leavers' procedure, etc.
Technology - The Supplier is responsible for the running of the sandfordparkslido.org.uk website and connected services. Other technology used by the Customer remains their responsibility.
The Supplier uses professional hosting on a UK Cloud VPS to avoid vulnerabilities that arise from independent hosting. The Supplier ensures best practices are used to secure the web server and database, including patching to stay up to date and mitigate known vulnerabilities.
Server Security Features:
- Full Account Isolation
- Machine Learning Firewall
- Vulnerability & Malware Defence
- Server Logging and Review
- SSL/TLS Certificates
The Supplier keeps the application infrastructure (Perch Runway and other third-party packages) up to date with patches to mitigate known vulnerabilities.
In addition, the Supplier increases security by:
- Locking out failed logins after three attempts
- Enabling strong password rule sets
- Enforcing minimum password length
- Restricting Perch Runway Dashboard access
- Monitoring vendor vulnerabilities
- Implementing Open Web Application Security Project (OWASP) recommendations
If the Customer does not have their own technology processes defined, the Supplier can help deliver these through our Consultancy Service.
The Supplier monitors the web application in accordance with our Software Support and Maintenance agreement. This Cybersecurity Policy is reviewed every six months.