Data Security at Scientia
The nature of our work means we receive a significant amount of data from and about our customers and suppliers. It is therefore essential that we handle and store this data securely in order to mitigate risk to data security. The areas we address include:
- Physical access to premises and equipment
- Online and WiFi access
- Cloud security
- Password policy
- Security requirements in contracts with suppliers and customers
- Data Protection Act compliance
- Security checking of staff
- Termination of employment procedure
- Damage limitation process if data security is compromised
Data Security in the Cloud
Scientia is transitioning from on-premise installations to Software as a Service (SaaS) delivery. In doing so, we recognise the need to ensure that data is secure at every step of the supply chain, from development to use.
The UK Government’s 14 Cloud Security Principles are a widely recognised framework covering 14 key areas of Cloud data security. Each Principle includes a set of objectives that any Cloud-based implementation should achieve in order to ensure data security. These 14 principles are aligned with ISO 27001 and have been adopted by Microsoft Azure, our chosen Cloud provider.
Scientia is aligning the Cloud Security Principles to the seven responsibilities which Microsoft have identified as contributing to the security and privacy of a computing environment: data classification & accountability; client & end-point protection; and physical security. This recognises that some responsibilities lie with the Cloud provider (Microsoft Azure), and some lie with the consumer (Scientia).
ISO 27001 accreditation
The ISO 27000 family of standards helps organisations keep information assets secure. We are working to ensure that Scientia achieves company-level compliance with this standard in 2017. We will make an announcement when we have achieved that accreditation.