...

Document Version

1.0

Date Created

Date Amended

Amended By

Lisa Clancy

Skilltech Solutions Ltd - Accreditations

ISO27001

Certificate Number: 21ACM9594I

Cyber Essentials Plus

Certificate Number: IASME-CEP-008232

...

Security

Authorised Access Control via SSH Key & IP

Are these users strictly maintained by the service provider and regularly audited?

Is there Unique user access?

Is there a Password Control Policy?

Are there regular audits for access control?

Our security practices include:

OS patches - applied within formally agreed patching timescales

Managed by our hosting partner

Application patches - applied within formally agreed patching timescales

Managed by our hosting partner

Information Security Incident Response Plan

  • Part of our Skilltech Information Security Procedure  Data Procedure  Data Breach and Incident Response  plan 

  • Any Incident would be documented with detailed collective analysis.

Security Policy and procedures clearly defined for all employees

Staff training for security

Secure coding practices

Hiring and termination processes

Internal access & authorisation - based on principle of least privilege

Removable Media Policy

Password Standards Policy

Data Protection Policy

Regular reporting against OLAs and SLAs

...

Application Development Security

Do you use Standards in the Software Development Lifecycle?

Yes, the application is built on an industry-standard framework to utilise the latest security features. Care is taken to ensure that developments do not expose vulnerabilities in the application. This is checked via an annual penetration test and follows OWASP (Open Web Application Security Project) Standards.

For more info on OWASP - About Us | The OWASP Foundation

Is there a fully documented Software Development Release Cycle?

This is covered in Confluence.

Do you have Versioning Control?

Yes, all within Bitbucket & Atlassian

Is the Application developed in adherence to company policies?

Is Application security testing part of the product lifecycle?

Are there Separate Development/Test/Staging/Production environments?

Do you employ Change Management procedures?

Hosting Partner

Everything is logged, and any change has to go through their change management process.

Internally

All changes to hardware or software are made via Cambridge Support and signed off by Ian Jarvis, MD of Skilltech Solutions.

Documented in Information Security Policy - Change Management Standards - Systems Development v1.0 and Information Security Standard - Change Management

Is SSO (Single Sign On) Supported for Microsoft & Google?

...