Be confident your digital marketing systems are secure with Concep

One of the most valuable assets for any organisation is their data. At Concep we have in place robust policies and procedures to ensure that our clients data is secure, protected and compliant to current regulations at all times.

Operational Security

• Concep is IS0 27001:2013 certified
• Data Protection Policy ensuring adherence to the EU Data Regulations with a strategic plan in place to ensure GDPR compliance before 25th May 2018
• Strict Access Control Policy
• Background checks on all new employees
• Security and data privacy training for employees
• Acceptable use and data privacy policy in place for employees/contractors
• Cloud Storage Policy ensuring any data stored in the cloud is secure
• Incident Response Procedure in place covering all levels of incidents including data breaches
• Business Continuity and Disaster Recovery Plans tested and ready for execution

Infrastructure & Application Security

• Continuous security monitoring
• Intrusion detection systems
• Vulnerability Scanning and Patch Management Process
• Change Management Process
• All in transit data is encrypted supporting up to and including TLS 1.2
• Emails are sent using opportunistic TLS, making use of authentication and validation systems such as DKIM and DMARC
• Regular encrypted backups are taken and stored in a high redundancy storage facility
• Secure Development Policy ensuring best practice coding which is robust against any new technologies able to override the OWASP security
• Cryptographic Control Policy ensuring the confidentiality, integrity and availability of data is protected by applying an appropriate level of cryptographic control
• Regular 3rd Party Penetration Tests

Hosting

• Concep’s hosting partner is Amazon Web Services (AWS)
• All data is hosted within the EU Region
• AWS compliance certifications can be found here: https://aws.amazon.com/compliance/

About ISO