Customer trust and data security underpins our business
We work with a team of specialists to ensure we can provide our customers the assurance they need that their data and information is safe and secure. We continually work towards operational excellence and meeting ISO 27001 security standards.
Organisations and standards that we align to
gather360 is fully compliant with ISO:27001, and undertakes regular audit reviews of it’s processes. ISO 27001 is an information security standard created by the International Organization for Standardization (ISO), which provides a framework and guidelines for establishing, implementing and managing an information security management system (ISMS).
As of July 2023, gather360 is in the process of being assessed for compliance with SOC 2. SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data.
Permissions and Authentication
Access to data is limited to authorised to employees who require it for their job.
Pentests and Vulnerability Scanning
gather360 uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues. We engage third-party security experts to perform detailed penetration tests on the gather360 application and infrastructure.
If you’re using password-based authentication, you can turn on 2-factor authentication (2FA) for your organisation.
We enable role-based permission levels for users within the app.
Password and Credential Storage
gather360 enforces a password complexity standard and stores passwords using a hashing function.
gather360 is served 100% over https using 256 bit encryption. Our API and application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs‘ tests. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.
Data Hosting and Storage
gather360 services and data are hosted in Microsoft Azure facilities in the EU.
Data Protection Officer
We have an appointed Data Protection Officer to oversee and advise on our data management.
Failover and DR
The gather360 Data platform and associated services were built with disaster recovery in mind. Our data is hosted across multiple regions in the EU which ensures business continuity with minimal downtime.
Backups and Monitoring
gather360 have back-up policies and procedures in place to maintain required application data.
gather360 has procedures in place for security events which includes escalation procedures, rapid mitigation and post mortem.
All employees complete Security and Awareness training annually.
gather360 has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
gather360 performs background checks on all new employees in accordance with local laws.
All employee contracts include a confidentiality agreement.