Content Comparison

System Operations & Network Security

Use of Antivirus and Patch management

• The database and file storage are not exposed to the Internet in any respect.

• The system runs fully-secured, appropriately patched versions of the operating system and its related libraries at all times.

• All network access to the systems are fully logged.

• There is no possible direct connection to the database servers via the Internet, and local access is mediated via multi-factor authentication.

• The data lies on completely dedicated hardware, at a highly secure, UK-based data centre.

• Antivirus software is employed on all PC’s.

• The EPAPro infrastructure is monitored by our hosting partner who utilise embargoed mailing lists and threat report channels, and any potential impact to EPAPro.

Control of installation of unauthorised applications

✔

Managed by our hosting partner

We also have an internal policy

Operational Procedures (config/installation and operation of systems hosting data)

Managed by our hosting partner

Do you have a Security Information and Event Management (SIEM) for event correlation and analysis?

Managed by our hosting partner

Security Monitoring

All of our platforms are monitored by our hosting partner to ensure no unwanted activity and also to check all systems are performing correctly.

We also do our own separate security monitoring.

We have also signed up to the NCSC Early Warning Service Early Warning - NCSC.GOV.UK

Do you utilise Firewalls and Intrusion Detection System/Identity Provider (IDS/IdP)?

✔

Do you use Encryption?

✔

All traffic is secured by TLS, all disks are encrypted

Do you have Annual PEN Testing

✔

Are your firewall rules monitored and reviewed on an annual basis as part of your CE assessment?

✔

Is there monitoring of Capacity/Scalability within your technology and infrastructure?

✔

EPAPro has 99.9 percent availability.  Annual Performance Test