Easy to Deploy, Easy to Integrate
Security is paramount at CourtCorrect
See additional details on how we keep your data safe below. Further details and supporting evidence is available on request.
Physical Security Control
CONTROL
STATUS
Secure Office Facilities in London Fitzrovia
Access requires multiple keys and keycard systems. Only permanent employees are provided with access.
CCTV Monitoring & Alarm System
Our offices are monitored by CCTV 24/7 and have automatic alarm triggers.
Minimising sensitive information within the office environment
We do not store important data & hard drives at the office, but instead store these in remote safes accessible only by Senior management.
OVH Cloud Servers
Our customer data is stored exclusively in the cloud and hence we benefit from the high security access controls of OVH Cloud:https://www.ovhcloud.com/en-gb/personal-data-protection/security/.
Systems Access Controls
CONTROL
STATUS
Strong Passwords and 2-Factor Authentication
Strong password & Two-Factor Authentication required across users: all employees and staff must follow our internal password and authentication requirements, including setting a non-trivial, non-English, random, alphanumeric password and enforcing two-factor authentication across devices.
Password Manager
We use a password manager to store and share passwords internally.
Remote disconnect and logout
In the event of an employee leaving the business or losing a device, we have the ability to terminate access and sessions to our internal systems remotely and do so within 24 hours of an employee leaving the business or ad-hoc when notified of a lost device.
Device Management
We maintain a list of all company devices and periodically review these when access needs to be terminated or changed.
Data Access Controls
CONTROL
STATUS
Restricted access to data systems
Restricting access to data systems on a “need-to-know” basis, ie only giving access to data where strictly required for the performance of our contractual obligations.
Automatic Backups
To ensure redundancy and backups, we have configured automatic backups with our cloud partner, OVH Cloud, and additionally benefit from their redundancy policy: https://blog.ovhcloud.com/disaster-recovery-and-geographical-redundancy-solutions-using-ovhcloud-dedicated-servers/.
Audit Trails
We have configured automatic audit trails to ensure that there is a complete record of any user accessing any data asset across our systems.
Data Classification
We categorise data based on sensitivity, confidentiality and risks to the rights of individuals under GDPR and further restrict access to such data on a “strictly necessary” basis.
Encryption
Sensitive information, like passwords, authentication codes or payment information, is encrypted at rest to ensure that it cannot be exploited in the event of a data breach.
Automated scans
We perform automated scans in real-time on an application layer and code level using best-in-class tools.
Transmission Controls
CONTROL
STATUS
Encrypting all traffic
All data sent to and from our systems is encrypted using TLS/SSL certificates.
Hidden internal API structure
We ensure that any internal network traffic is hidden from the public.
Regular review of transmission data
All transmission data logs are scanned regularly by automated tools and manual spot-checks to ensure that transmissions is occurring normally. Suspicious activity is reviewed and investigated on an ongoing basis.
Input Controls
CONTROL
STATUS
Data validation
We configure data validation on a component level and block malicious attempts to insert data.
Required fields
We ensure that all data that is necessary for the system to perform as intended is required on the component level.
Sanitisation
We sanitise all user input using a variety of automated checks in order to ensure no malicious data can be inserted or scripts executed.
Error handling and messaging
We ensure that all errors have clear error response messages so that users understand where corrections need to be made before proceeding.
File type restrictions
We restrict the types of files that can be uploaded to our system in order to prevent malicious files to be uploaded to our systems.
External Accreditations
CONTROL
STATUS
External penetration tests
This includes a full source code review and attempted penetration by giving remote access to our systems in a secure environment.
ISO & SOC Accredtiations
Through our cloud provider, we benefit from a variety of external accreditations, such as ISO27001, ISO27017, ISO27018, ISO27701 and SOC 3 Type 2.
Incident Response Plans
CONTROL
STATUS
24/7 Internal Emergency Hotline
We provide 24/7 internal emergency hotline staffed by a Senior engineer to ensure immediate remediation.
Transparent communication
Transparent communication to customers and staff as soon as an issue has arisen.
Collaboration with regulatory authorities
We collaborate with external regulatory authorities, like the ICO and the National Cyber Security Centre to ensure best practices are followed and legal disclosures are made where appropriate.
Training
CONTROL
STATUS
Having bi-weekly cybersecurity sessions with staff
In these sessions the entire company is reminded of our internal guidelines, industry best practices and relevant recent public and internal activity.
Monthly meeting within our Engineering team
We conduct monthly meetings within our Engineering team to review any updates to our environments or packages and to review any risks within our architecture. Remedial action is scheduled based on a risk assessment and urgent items are resolved within 24 hours.