Security & Accreditations

Trusted, reliable and secure. We are independently ISO27001 accredited for the design, development, hosting and processing of multi-agency systems and data.

Working hard to keep your data safe.

We encrypt your data and then store it on encrypted hard drives within Police audited, accredited UK data centres.

As Empowering Communities applications are used to process Police and Government protectively marked information, our infrastructure has to meet certain security standards and is required to undergo stringent security audits. In relation to the Police Service these are done as part of Police Assured Secure Facility (PASF) audits.

We’ve also deployed an Information Security Management System (ISMS), which includes an accreditation document describing how Empowering Communities has implemented the above measures and other controls, e.g. incident reporting.
The ISMS includes:

  1. The services of a specialist security advisor with experience of working within the business area of the Home Office, Police, Border Force and Security services.
  2. A set of security associated documentation and processes to assist and support audits and information security assurance processes:
    • Staff vetting to NPPV Level 3
    • Penetration tests are undertaken in line with the CESG CHECK Scheme.
    • Participation and support of the National E-CINS Security Working Groups (SWG)

 

 

Secure Private Cloud

Our secure private cloud is restricted to single teams or organisations. The additional security offered by the ring-fenced, private, secure cloud model is vital for any organisation or team that needs to store and process OFFICIAL and OFFICIAL SENSITIVE data, or carry out sensitive tasks.

Trusted IP

Our trusted IP functionality means that we can whitelist specific IP ranges so that teams and organisation can lockdown access to their Management Desk. If you do not want your staff to login from outside work, you can restrict access by specifying the IP address of your network.

Secure and Accredited Infrastructure

Our data centre infrastructure meets the rigorous requirements for ISO20000, ISO27001 and ISO9001 accreditation.

Accredited Data Processors

Empowering Communities are experienced ISO27001 accredited data processors, trusted by local government, police forces and organisations big and small across the UK. We are also ISO9001, Cyber Essentials Plus and Cyber Essentials accredited.

Data Encryption

Communication is secured using TLS 1.2 or SSL encrypted sessions. The level of encryption is between 128-256bit depending on client capabilities. Military Grade AES-256 encryption of data is provided during transmission and whilst it is at rest within our data centre and on the users end point device. All data is encrypted at rest and must pass through a gateway network security zone before being transmitted to the client.

Empowering Communities employ a field level encryption on the E-CINS databases in addition to all data being stored on our Self Encrypting Drives (SED). The algorithm used is AES-256 which is the same level of encryption the National Security Agency (NSA) now use for anything protected up to Top Secret.