Security
Your information is confidential. We work hard to keep it that way.
Your information is confidential. We work hard to keep it that way.
Handling your confidential documents is a responsibility Safe4 gives the utmost priority. Our key objective is to ensure your documents are protected; users who should be able to view them – can, and those who shouldn’t – can’t.
To validate our security, Safe4 undergoes regular penetration testing by organisations certified under the UK Government IT CHECK scheme administered by GCHQ to independently assure the security of the solution. The company has also been successfully certified under the government Cyber Essentials scheme.
Some of the techniques used to secure your information are listed below.
HTTPS connection
Security starts with the connection between your browser and the Safe4 servers which is secured using TLS (Transport Layer Security, the successor to SSL). Configuration of TLS is complex and a surprising number of websites are badly configured compromising their security. Safe4 is configured to the highest standards and is rated “A+” in independent testing. This places Safe4 in the top 1% of more than 1 million web sites that have been assessed.
Encryption and Validation
Files that have been uploaded are encrypted using AES-256 before being saved to storage. Every time a file is downloaded it is checked to ensure that it is exactly the same as the file that was uploaded and has not been tampered with.
Safe4 does not support searching inside of files that have been uploaded. This is because the indexes cannot be encrypted and if compromised the content of the documents would be accessible.
2-Factor Authentication protection
You can add an extra layer of protection by requiring your users to implement 2-Factor Authentication. This will require them to register a mobile phone number against their user account, to which a 7-digit authentication code will be sent following a challenge whenever they login.
Virus protection
All files that are uploaded are checked for virus infections. This helps to ensure that Safe4 does not pass an infected file onto a third party damaging your reputation.
Enforce information security policies
Safe4 provides support for your information security policies. Whitelisting enables you to control the individual types of files that can be uploaded – for example enforcing the upload of PDFs only to ensure that modifiable content is never uploaded. Where more stringent requirements are needed Safe4 provides support for validating protective markings.
Permissions
Safe4 implements an easy to use and flexible permissions system to enable you to apply fine grained control over access to individual parts of the system for different users.
UK Hosting
Safe4 is hosted by a world leading hosting partner – Rackspace at data centres based in the UK. Rackspace take security very seriously as well and are fully ISO27001 certified. See their website for more details.
Cyber Essentials
Safe4 recognises that Security is only as good as it’s weakest link. This is why Safe4 have invested in achieving certification under the Cyber Essentials scheme – see http://www.cyberessentials.org.uk. This scheme recognises the business processes and procedures that are implemented by Safe4 are meeting best practice government guidelines.
Copyright © 2010 to Date - Safe4 Information Management Limited
Telephone UK: 0845 094 8045
Telephone South Africa: 011 234 2563