This policy was last updated on Tuesday 22nd May 2018. At Octanise data security is very important to us. We know your data is precious and as guardian of that data we will do everything we can to keep it safe. We have invested in the best infrastructure to protect your data. This document explains how Octanise store your data and secure it to prevent customer theft, damage or loss. System Access As a subscriber to Octanise, you own your data. You have control over your customers to use the software and access your data. You also have control over the level of access and permissions that you give to them. Access to Octanise is controlled by a username and password. If you think that your own security may have been breached it is essential that you notify us immediately using [email protected] The main subscriber can also revoke access to any accounts from within the software. It is key that you do this when people leave your company. Data Centre The Octanise application is hosted using AWS
AWS acts as both a data processor and a data controller under the GDPR.
AWS as a data processor – When customers and AWS Partner Network (APN) Partners use AWS services to process personal data in their content, AWS acts as a data processor. Customers and APN Partners can use the controls available in AWS services, including security configuration controls, for the handling of personal data. Under these circumstances, the customer or APN Partner may act as a data controller or data processor itself, and AWS acts as a data processor or sub-processor. AWS offers a GDPR-compliant Data Processing Addendum (DPA) that incorporates AWS’s commitments as data processor.
AWS as a data controller – When AWS collects personal data and determines the purposes and means of processing that personal data – for example, when AWS stores account information for account registration, administration, services access, or contact information for the AWS account to provide assistance through customer support activities – it acts as a data controller.
Data is hosted in the UK and Ireland. Their data centres are ISO 27001 Certified for data security. Click here to read more about their certification https://aws.amazon.com/compliance/iso-27001-faqs/
Our client data is protected both in transit and at rest using encryption. AWS details the levels of security and certification provided by our hosting for our client here https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html.
Octanise operates a security board where any security issues are escalated to senior management. Management will review the nature of the issue, decide the priority and implementing action required to provide a resolution. This includes our obligation to report any breach of personal data to the ICO within 72 hours.