Security Compliance at evalyou8

Security Compliance at evalyou8

Everyone at evalyou8 (Info Technology Supply Ltd trading as Evalyou8, a company incorporated in England and Wales under number 2230502 whose registered office is at 2 Hobbs House, Harrovian Business Village, Bessborough Road, Harrow, HA1 3EX, United Kingdom and its authorised resellers who may contract with a customer) takes compliance with obligations in data protection and other legislation relating to data security seriously and understands its significance  both to customers and partners. For this reason, evalyou8 have obtained independent third-party auditor certification for ISO 27001.

This page sets out evalyou8 security measures and should be read in conjunction with evalyou8 Privacy Policy and related documents on the evalyou8 website including Data Privacy & Security FAQs and Data Privacy at evalyou8 documents.

 

Security Best Practices at evalyou8

At evalyou8 we take great pride in our information security program and are dedicated to its continual improvement.

 

User Account Security

Product Access Control

A subset of evalyou8's personnel has access to the service and to customer data via managed interfaces. The intention of providing access to a subset of personnel is to provide effective customer support, troubleshoot potential problems, detect, and respond to security incidents and implement data security.

Encryption

evalyou8 uses 256-bit AES encryption at rest in addition to securing network communication with TLS 1.2 for encrypting data in transit. If using evalyou8 passwords these are stored one-way hashed.

 

Change Management

  • Peer code reviews: every change of evalyou8 is peer reviewed whether it’s a new feature or bug fix. Security reviews are performed as appropriate.
  • Regular code audits for security.
  • Robust unit testing.
  • Regular penetration testing.

 

Cloud Security

evalyou8 uses Microsoft Azure as its cloud service provider and leverages Azure's security and compliance controls for data centre physical security and cloud infrastructure. Further resources can be found on the website.

 

Monitoring & Logging

Availability

The evalyou8 service utilises automatic Azure availability services, evalyou8 maintains a Status page.

Logging

evalyou8 maintains a comprehensive log of all workflow actions. Actions are logged internally for troubleshooting, support, and planning purposes.

 

Vulnerability Management

Threat Detection

evalyou8 has enabled threat detection software and enforces continual threat modelling exercises to identify and plan for any vulnerabilities in our environment.

External Penetration Testing

evalyou8 undergoes an external penetration test by an independent third party on a monthly basis, new vulnerabilities are scanned daily.

evalyou8 regularly updates its security measures. Users should make regular reference to this page for the latest position as this Security Compliance summary is updated from time to time.