Grafton Banks Finance Security Statement

SMCloud Security Information

Perimeter Patrol constantly runs on all our systems, looking for attacks, viruses and malware. 24/7

Security Organisation and Leadership

MD oversight of security matters as Senior Information Risk Owner (SIRO)

Operational ownership of security matters held by a dedicated Security Manager

Segregation of duties between Security and Compliance managers and teams

Board representation in security decisions

Strong investment in security technologies, personnel and processes

Physical and Environmental Security

ISO 27001 certified data centres, Dunsfold data centre approved for PSN Protected, all data centres appropriate for Official data

Comprehensive CCTV coverage with footage retained for 90 days

Biometric and/or RFID badge controlled access to data halls

Physical access limited to specific necessary personnel

Stand-off fenced perimeters in place

At least N+1 UPS, generators and HVAC

FM-200 fire suppression

Continuous Building Management System monitoring

Operational Security

Incident management and change control procedures in place

Active involvement in the security community

DevOps security model allowing rapid mitigation of security issues

Strict media sanitisation and destruction procedures

Role-based access control

Customer support activity logging

HR Security

Defined and managed hiring and termination policies

Mandatory confidentiality agreements for all staff

Ongoing security awareness training for all staff

Compliance

ISO 27001:2013 certified hosting services and data centres

ISO 9001 and 14001 certified

PSN accredited to provide Official services over PSN Protected

Accredited to provide Official classified services via encrypted PSN overlay