Security and Data Confidentiality FAQs

How secure is the system and who manages the security?

SARD takes its responsibilities as data processors very seriously. We are fully certified to the ISO27001:2013 international standard for information security management, which forms the basis of our robust Information Security Management System (ISMS) and protects the continuous accessibility, confidentiality and integrity of your information while fulfilling our legal compliance requirements.

All our staff are trained in data protection awareness and we are fully DPA 2018 and GDPR compliant.

How do you prevent outside parties accessing system information and ensure that viruses are not uploaded with documents added to portfolios?

Penetration testing is carried out as part of internal audits and then repeated in independent security audits. All documents are scanned for viruses on upload.

System administrators should not have access to the system information. How do you prevent this?

System administrators only have access to the areas required to fulfil their role. By default, all permissions are denied and then explicitly permitted based on a user’s role. This is configurable for each organisation.

How do you address confidentiality and data integrity?

Our permission/role system ensures that confidential areas remain confidential. Access is denied by default, and permissions are granted only where a user needs them.
