The very best security practices underpin everything we do.
Some of the largest UK organisations outsource their financial processes to us. As such, our security practices need to be at the top of their game, and in turn offer the highest possible levels of comfort to the entire P2D user community.
Physical security is provided by Rackspace, the world’s most highly regarded hosting company. Rackspace is Safe Harbour certified, a PCI Security Standards Council member and a participant in the EU-US Privacy Shield. It is certified for ISO14001, ISO9001, ISO/IEC27001, OHSAS18001, SOC3, PCI DSS Level 1, FedRAMP, DFARS, FISMA, HITRUST, HIPAA and CJIS.
As standard, all P2D systems are deployed with cutting-edge defences, including both Alert Logic Intrusion Detection Systems and Imperva Web Application Firewalls, keeping your data as secure as it could possibly be and maintaining 100% uptime. Vulnerability scanning, penetration testing and best-practice OWASP code development all form an integral part of our security framework.
Imperva is an analyst-recognized global cybersecurity leader that is championing the fight to secure critical data and applications wherever they reside: on-premises, in the cloud, and across hybrid environments. Their innovative, best-in-class solutions proactively identify, evaluate, and eliminate current and emerging threats from the ever-changing attacks of cybercriminals. More than 6,000 customers and 500 partners worldwide count on them to protect and provide a secure foundation for their organizations. The Imperva WAF analyzes and inspects requests coming in to applications and stops attacks. It protects against the most critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers continually monitor the threat landscape and update Imperva WAF with the latest threat data.
P2D also uses Alert Logic Threat Manager with ActiveWatch, which is Rackspace’s chosen intrusion detection and vulnerability management solution that addresses the compliance requirements of PCI DSS, HIPAA/HITECH, Sarbanes-Oxley etc. This is a 24×7 continuously monitored and fully managed security service that correlates IDS and vulnerability scanning data. It covers network infrastructure, server infrastructure, applications, web technologies and SSL traffic. The ActiveWatch service is effectively an outsourced network security team for P2D that identifies, verifies and escalates risks and makes tailored recommendations for ongoing security tuning. This also includes constant monitoring for suspicious network traffic, investigation of malformed website requests, and the detection of security and compliance issues via aggregation of log data across our entire environment.