Security is paramount at CourtCorrect
See additional details on how we keep your data safe below. Further details and supporting evidence are available on request.

Physical Security Control

| CONTROL | STATUS |
|---|---|
| Secure Office Facilities in London Fitzrovia | Access requires multiple keys and keycard systems. Only permanent employees are provided with access. |
| CCTV Monitoring & Alarm System | Our offices are monitored by CCTV 24/7 and have automatic alarm triggers. |
| Minimising sensitive information within the office environment | We do not store important data or hard drives at the office; these are kept in remote safes accessible only by senior management. |
| OVH Cloud Servers | Our customer data is stored exclusively in the cloud, so we benefit from the high-security access controls of OVH Cloud: https://www.ovhcloud.com/en-gb/personal-data-protection/security/ |

Systems Access Controls

| CONTROL | STATUS |
|---|---|
| Strong Passwords and 2-Factor Authentication | Strong passwords and two-factor authentication are required for all users: every employee and staff member must follow our internal password and authentication requirements, including setting a non-trivial, non-English, random, alphanumeric password and enabling two-factor authentication on all devices. |
| Password Manager | We use a password manager to store and share passwords internally. |
| Remote disconnect and logout | If an employee leaves the business or loses a device, we can remotely terminate their access and active sessions on our internal systems. We do this within 24 hours of an employee leaving, or ad hoc as soon as we are notified of a lost device. |
| Device Management | We maintain a list of all company devices and review it periodically and whenever access needs to be terminated or changed. |

Data Access Controls

| CONTROL | STATUS |
|---|---|
| Restricted access to data systems | We restrict access to data systems on a "need-to-know" basis, i.e. access to data is granted only where strictly required for the performance of our contractual obligations. |
| Automatic Backups | To ensure redundancy, we have configured automatic backups with our cloud partner, OVH Cloud, and additionally benefit from their redundancy policy: https://blog.ovhcloud.com/disaster-recovery-and-geographical-redundancy-solutions-using-ovhcloud-dedicated-servers/ |
| Audit Trails | We have configured automatic audit trails so that there is a complete record of every user accessing any data asset across our systems. |
| Data Classification | We categorise data based on sensitivity, confidentiality and the risks to the rights of individuals under GDPR, and further restrict access to such data on a "strictly necessary" basis. |
| Encryption | Sensitive information, such as passwords, authentication codes and payment information, is encrypted at rest so that it cannot be exploited in the event of a data breach. |
| Automated scans | We perform automated real-time scans at the application layer and at code level using best-in-class tools. |

Transmission Controls

| CONTROL | STATUS |
|---|---|
| Encrypting all traffic | All data sent to and from our systems is encrypted in transit using TLS/SSL certificates. |
| Hidden internal API structure | We ensure that internal network traffic is not exposed to the public. |
| Regular review of transmission data | All transmission logs are scanned regularly by automated tools and manual spot-checks to confirm that transmission is occurring normally. Suspicious activity is reviewed and investigated on an ongoing basis. |

Input Controls

| CONTROL | STATUS |
|---|---|
| Data validation | We configure data validation at the component level and block malicious attempts to insert data. |
| Required fields | We ensure that all data necessary for the system to perform as intended is marked as required at the component level. |
| Sanitisation | We sanitise all user input using a variety of automated checks to ensure that no malicious data can be inserted and no scripts can be executed. |
| Error handling and messaging | We ensure that every error produces a clear response message, so that users understand what needs correcting before proceeding. |
| File type restrictions | We restrict the types of files that can be uploaded to our system in order to prevent malicious files from being uploaded. |
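The five input controls above (validation, required fields, sanitisation, clear error messages and file type restrictions) fit together into a single submission handler. The following is an added illustration written for this page, not CourtCorrect's own code; the form fields, length limits, regular expressions and upload allowlist are constructed assumptions. The file check compares the upload's leading bytes against the expected signature for its extension, so a renamed executable is rejected even when its name looks harmless.

```python
import html
import os
import re

# Constructed schema for a hypothetical web form. The field names, limits and
# patterns are assumptions for illustration only, not CourtCorrect's.
REQUIRED_FIELDS = ("reference", "email", "summary")
MAX_LENGTHS = {"reference": 32, "email": 254, "summary": 2000}
REFERENCE_RE = re.compile(r"[A-Z0-9-]{4,32}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

# Upload allowlist: permitted extension -> magic-byte prefixes it must start with.
# Checking content as well as the name catches an executable renamed to .pdf.
ALLOWED_UPLOADS = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
MAX_UPLOAD_BYTES = 10 * 1024 * 1024


def validate_fields(fields):
    """Return {field: message} for every problem found; an empty dict means valid."""
    errors = {}
    # Required fields: missing or whitespace-only values are rejected first.
    for name in REQUIRED_FIELDS:
        if not str(fields.get(name) or "").strip():
            errors[name] = "This field is required."
    # Length limits, only for fields that passed the required check.
    for name, limit in MAX_LENGTHS.items():
        if name not in errors and len(str(fields.get(name, ""))) > limit:
            errors[name] = f"Must be at most {limit} characters."
    # Format validation with a precise message telling the user what to fix.
    if "reference" not in errors and not REFERENCE_RE.fullmatch(str(fields["reference"])):
        errors["reference"] = "Use 4 to 32 uppercase letters, digits or hyphens."
    if "email" not in errors and not EMAIL_RE.fullmatch(str(fields["email"])):
        errors["email"] = "Enter a valid email address."
    return errors


def sanitise_fields(fields):
    """Escape every value for an HTML context so stored text cannot run as script."""
    return {name: html.escape(str(value), quote=True) for name, value in fields.items()}


def validate_upload(filename, content):
    """Return a list of messages; an empty list means the upload is acceptable."""
    problems = []
    # basename() discards any directory part an attacker might include in the name.
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    signatures = ALLOWED_UPLOADS.get(ext)
    if signatures is None:
        problems.append(f"File type {ext or '(none)'} is not permitted; "
                        f"allowed: {', '.join(sorted(ALLOWED_UPLOADS))}.")
    elif not any(content.startswith(sig) for sig in signatures):
        problems.append(f"File content does not match a {ext} file.")
    if len(content) > MAX_UPLOAD_BYTES:
        problems.append("File exceeds the 10 MB limit.")
    return problems


def process_submission(fields, filename=None, content=b""):
    """Validate first, then sanitise; reject the whole submission on any error."""
    errors = validate_fields(fields)
    if filename is not None:
        upload_problems = validate_upload(filename, content)
        if upload_problems:
            errors["upload"] = " ".join(upload_problems)
    if errors:
        return {"ok": False, "errors": errors, "clean": {}}
    return {"ok": True, "errors": {}, "clean": sanitise_fields(fields)}


if __name__ == "__main__":
    # Constructed sample submissions: one clean, one with several problems.
    good = {"reference": "CC-2024-001", "email": "user@example.com",
            "summary": "<script>alert(1)</script>"}
    print(process_submission(good, "report.pdf", b"%PDF-1.7\n"))
    print(process_submission({"email": "bad"}, "evil.pdf.exe", b"MZ\x90\x00"))
```

Validation runs before sanitisation so that the error messages refer to what the user actually typed, and the sanitised copy is only produced for a submission that passed every check. Escaping here targets an HTML context; data bound into SQL or other back-ends needs the matching context-specific handling (parameterised queries, for instance) rather than reuse of the HTML escaping.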

External Accreditations

| CONTROL | STATUS |
|---|---|
| External penetration tests | This includes a full source code review and an attempted penetration, for which the testers are given remote access to our systems in a secure environment. |
| ISO & SOC Accreditations | Through our cloud provider, we benefit from a variety of external accreditations, such as ISO 27001, ISO 27017, ISO 27018, ISO 27701 and SOC 3 Type 2. |

Incident Response Plans

| CONTROL | STATUS |
|---|---|
| 24/7 Internal Emergency Hotline | We provide a 24/7 internal emergency hotline staffed by a senior engineer to ensure immediate remediation. |
| Transparent communication | We communicate transparently with customers and staff as soon as an issue has arisen. |
| Collaboration with regulatory authorities | We collaborate with external regulatory authorities, such as the ICO and the National Cyber Security Centre, to ensure that best practices are followed and legal disclosures are made where appropriate. |

Training

| CONTROL | STATUS |
|---|---|
| Bi-weekly cybersecurity sessions with staff | In these sessions the entire company is reminded of our internal guidelines, industry best practices and relevant recent public and internal activity. |
| Monthly meeting within our Engineering team | We hold monthly meetings within our Engineering team to review any updates to our environments or packages and any risks within our architecture. Remedial action is scheduled based on a risk assessment, and urgent items are resolved within 24 hours. |

Don't just read about it. Experience CourtCorrect directly.