Venom IT’s GDPR Compliance Statement
Below is Venom IT’s GDPR Compliance Statement
Article 83 of the GDPR implies that adherence to approved codes of conduct and approved certification mechanism count towards compliance.
Article 42 says, in part: “The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors.”
· ISO 27001 is the international standard that describes best practice for an ISMS (Information Security Management System). Achieving accredited certification to ISO 27001 demonstrates that a company is following information security best practice, and provides an independent, expert verification that information security is managed in line with international best practice and business objectives.
GDPR requires organisational and technical means (Article 5) to ensure the security of personal data. To this end Venom IT is certified ISO 9001 (organisational) and ISO 27001 (technical) and independently audited on ISO 27017 code of standards for cloud providers. Venom IT is also Cyber Essentials certified.
- ISO 27001 and ISO 27017 certificate number 288442018 (QMS)
- ISO 9001 certificate number 14134763 (QMS)
- Cyber Essentials certificate number 1319739119304923 (IT Governance)
Data security is of paramount concern and we have therefore implemented the following systems & certifications at our Data Centres:
We have 3 data centres, 2 of which are replicant data centres located in Manchester and the third being situated in London and serving as failover to ensure Integrity and Continuity of the data. Having the two primary data centres in Active-Active configuration means data is replicated in real time so there’s no loss of service.
The Active-Active Manchester data centres are located in a Tier 3 facility, whilst the standby London data centre is located in a Tier 2 facility, fit for purpose of redundancy. (UK tier rating i.e. Tier 4=highest)
The Manchester DCs have on-site police-linked, NSI Gold Approved, BS5979 certified control room with blast-proof steel air lock doors, concrete shell and redundant fresh air supplies. The rest of the facility is equipped with a combination of biometric access controls, virtual tripwires, visitor turnstiles and man-traps, and full-height perimeter fencing.
The Venom IT office in Sale is fitted with ordinary security measures for staffed offices, such as electronic access control, with zone separation and internal and external CCTV, battery UPS and fire alarms.
· All our data centres are ISO 27001 certified (the main component for GDPR Technical compliance), with IL4-level security
· IP Ban is our unique, proprietary software – blocks repetitive login attempts and blacklists the attacking IP address across our entire RDP network (prevention of unauthorised access)
· 2048-bit encryption (considered fit for banking)
· Auto-failover & rollback (preservation of data Integrity)
· UPS with 7-day battery backup (Continuity) The Manchester DCs uptime record and UPS redundancy levels beat the requirements of Tier 4, with an expected availability level of 99.995%. UPS redundancy configuration is 2(N+N). Diversely routed direct 11,000 HV feed from the National Grid. Backup power provided by on-site Caterpillar diesel generators.
· Fire protection using VESDA systems and FM200 gas suppression
· Secure gated access, with 24-hour security control
· All our data centres are UK-based and therefore more attractive from a GDPR-compliance point of view than US-based or third-country data centres
All support staff above apprenticeship level have a minimum of MCP or MCTS
Some of the members of staff have the following qualifications/ certifications:
· Prince 2
· Citrix CCP
· Citrix CCA
· Citrix CCE
· Citrix CCAA
· PECB CDPO
All systems run WebRoot AV. Each of the Active-Active data centres has a next-gen Fortinet UTM firewall pair (one active, one for failover; total 4 firewalls) with built-in:
- Contentdisarming & reconstruction
- Vulnerability scanning
- App control
- Web usage monitoring
- Botnet IP domain
- IP blacklisting/whitelisting
- Real-time updates & Security Research
- Autopen testing
- CASB (Cloud Access Security Broker)*
- 2-hour SLA silver support
*A Cloud Access Security Broker is on-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies.