Relative Insight has put a host of security measures in place to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, including:
ISO 27001 certification
Relative Insight Limited is ISO 27001 certified and is audited annually to ensure continued compliance.
Applicable data security policies subject to annual audit include:
Access control and management: who has access to our platform operations and how this access is managed
Data redundancy and backup: how data is kept safe and stored in the event of adversity
Change management: how we make sure changes are tracked and properly reviewed from a security perspective
Software architecture and development: we make sure security is considered at all stages of the development process
ISO Certificate - Relative Insight Limited
Dedicated Security Officer
Relative Insight has a dedicated Security Officer, who oversees ISO certification, compliance and data protection issues.
Internal information security forums are held at least once a year where the companies security processes and compliance is reviewed and updated where necessary.
Restricted access to customer data
We limit access to your data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your data on our instructions and they are subject to a duty of confidentiality.
Documented procedures in the event of a suspected data breach
We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
All of our services are hosted in the cloud, and we only use established providers with the highest security certifications (ISO 27001, SOC, etc.). We do not run our own routers, load balancers, DNS servers, or physical servers when delivering our services to you.
Secure transmission of data
All data transferred in and out of Relative Insight is encrypted using hardened TLS. Relative Insight is also protected by HTTP Strict Transport Security and is pre-loaded in major browsers.
We take pride in our application security and consider it throughout the development and deployment process. This includes documented procedures for:
Training and review – Code is reviewed by a senior engineer with security best practice training before being deployed to production systems.
Automated testing and build processes – We have an extensive set of automated testing procedures that are run for every code change.
Software dependencies – Relative Insight keeps up to date with software dependencies and has automated tools scanning for common security issues.
Development and QA environments – These environments are separated physically from the Relative Insight production environment. No customer data is ever used in development or QA environments.
User logins – User passwords are one-way encrypted and salted before being stored in our database.
Penetration testing – Relative Insight performs regular penetration test audits with a contracted third party.