As a cloud-based technology business, with a SaaS data management offering at the heart of our solutions, cyber security is part of our DNA. Our success in the industry is directly linked to our ability to keep our clients’ data safe and secure.
To keep up-to-date with the latest regulations, practices, and laws, we have a team of security experts working non-stop, keeping CloudM at the forefront of digital security protection.
As the risks associated with cyber attacks and data breaches continue to increase, information security has become a critical issue for every business. An effective approach should help defend against both external attacks and common internal threats such as accidental breaches and human error, and that’s exactly what we do.
Here’s a brief overview of the various standards we meet and the accreditations we hold to protect your data.
The essential security accreditation that organizations should look for when choosing a provider is ISO 27001. This is the international standard that specifies the requirements for an information security management system (ISMS).
ISO 27001 is one of the most widely adopted information security standards in the world, focusing on protecting three key properties of information: confidentiality, integrity, and availability.
Confidentiality means that the information is not available or disclosed to unauthorized people, entities, or processes.
Integrity means that the information is complete and accurate and protected from corruption.
Availability means that the information is accessible and usable as and when authorized users require it.
These three simple components ensure all information is dealt with in a professional, secure, and unimpaired manner. We’re proud to hold our ISO 27001 certification, but our security standards don’t stop there.
The Payment Card Industry Data Security Standard (PCI DSS) was first released in 2004 and is the result of collaboration between the major card brands American Express, Discover, JCB, MasterCard, and Visa, which later formed the PCI Security Standards Council to maintain it.
It was created to give merchants and service providers a single, consistent set of controls for handling card data worldwide, reducing the risk of cardholder data being stolen and used for fraud.
Any business, merchant, or service provider that stores, processes, or transmits cardholder data must comply with the standard, or risk fines from its acquiring bank or even losing the ability to accept card payments.
It is a contractual standard rather than a law, but a compromise of cardholder data belonging to EU or UK individuals is also a personal data breach under GDPR, because cardholder data is personal data under the regulation.
To become PCI DSS compliant, as CloudM is, a company must meet twelve top-level requirements, each broken down into more specific sub-requirements and testing procedures.
These cover areas such as firewall and network segmentation to protect the cardholder data environment, protecting stored cardholder data and encrypting it in transit over public networks, and regular testing of security systems and processes.
GDPR and HIPAA
CloudM is, of course, fully compliant with both GDPR and HIPAA, but what exactly are these two things, and why are they different?
The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
The regulation gives individuals much greater control over how organizations process and use their personal data. Personal data consists of information such as names, location, email addresses, health records and photos - essentially anything that could identify a living person.
When the UK left the EU, not much changed. The UK just kept the GDPR and made it law in Britain. It’s nearly identical to the EU version and is known as UK-GDPR.
The Health Insurance Portability and Accountability Act was created to protect the privacy of health information in the USA.
HIPAA aims to limit access to protected health information (PHI) from misuse. It puts into place some very important and specific rules about what, how, and when an individual’s protected health information can be used.
There are 18 categories of PHI in total, including things like names and email addresses, health records, and much more. HIPAA policies are designed to keep these details from being lost or stolen, with severe penalties for companies that violate compliance rules.
NCSC Cloud Security Principles
The National Cyber Security Centre (NCSC) is an organization set up by the UK Government, tasked with helping to make Britain the safest place to live and work online.