Screen-shot-2014-07-05-at-15.46.55.png

Security

Keeping your data safe and available to you is our number one priority. As a SaaS service provider we fully understand your need to ensure that we have sufficient experience and policies in place to keep your data safe within a professional Information Security framework.

Based here in the UK we serve important UK public-sector clients and continue to do so because of our customer service, attention to detail and robust security policies. You will find answers to the most common security questions here:

  • 1. Data storage location: Whilst you can access your data securely from anywhere in the world, the software is hosted on our cloud platform in England and the data itself is stored in England, with uploaded files and backups stored in England, Ireland and Amsterdam. You have ongoing access and tools to download your live data at all times. This CRM service provider company is limited and registered in England and listed with the UK’s Information Commissioner’s Office.

  • 2. Data access: Your data is only available to users you authorise. You have full user administration rights and can create and amend your own users. You have the ability to close down single user or all user access at any time. Access is via our secure https connection using our authentication and security measures. User logins and actions are recorded in your user log for inspection and to support any investigation into suspected inappropriate or illegal user activity.

  • 3. Back up and recovery: Our Business Continuity Plan ensures that your data is backed up to alternative and secure locations we have within the European Economic Area. Our Business Continuity Plan allows you to access your data via our systems, through unexpected small-scale and transient interruptions right up to and including total SaaS provider business failure.

  • 4. Regulatory compliance: As your data is stored within the European Economic Area, you are able to comply with your obligations in the Data Protection Act 2018. Using the built-in student opt-in permissions controls within the system you are able to comply with your obligations under the European Union’s Data Protection Directive 95/46/EC). Primary responsibility for compliance rests with you as Data Controller, within the framework of our joint Data Protection Controller/Processor agreement.

  • 5. Information Security standards: Our experienced professionals monitor our information security status, and are continually enhancing our Information Security Management System to ensure compliance with security standards, following the codes of practice set out in ISO/IEC 27002. Whilst we are heading towards independent certification, we are not there yet, however our existing standards meet those recognised in the IS industry. Please address any IS questions to us at: is@dataharvesting.com

  • 6. Responsible disclosure: If you discover a security vulnerability, please report it to only us in a responsible manner, by emailing us at security@dataharvesting.com - as publicly disclosing a vulnerability can put the wider community at risk until it is resolved. Following such disclosure, we will work with you to understand and resolve the issue. Thank you.

    • Out of concern for the availability of our services to all users, please do not attempt to carry out DoS attacks, leverage black hat SEO techniques, spam people, or do other similarly questionable things. We also discourage the use of any vulnerability testing tools that automatically generate significant volumes of traffic.

    • Not all disclosures will be judged to be sufficiently significant to warrant remedial action. Bugs requiring exceedingly unlikely user interaction, ie, a cross-site scripting flaw that requires the victim to manually type in an XSS payload into Google Maps and then double-click an error message may realistically not meet the bar. Email us at security@dataharvesting.com and we will let you know, thank you.

Thank you to our contributors

Data Harvesting thanks the following individuals and organisations that have identified security vulnerabilities in accordance with our Responsible Disclosure Policy: