Grafton Banks Finance Security Statement
SMCloud Security Information
Perimeter Patrol runs constantly, 24/7, on all our systems, looking for attacks, viruses and malware.
Security Organisation and Leadership
MD oversight of security matters as Senior Information Risk Owner (SIRO)
Operational ownership of security matters held by a dedicated Security Manager
Segregation of duties between Security and Compliance managers and teams
Board representation in security decisions
Strong investment in security technologies, personnel and processes
Physical and Environmental Security
ISO 27001 certified data centres; Dunsfold data centre approved for PSN Protected; all data centres appropriate for Official data
Comprehensive CCTV coverage with footage retained for 90 days
Biometric and/or RFID badge controlled access to data halls
Physical access limited to specific necessary personnel
Stand-off fenced perimeters in place
At least N+1 UPS, generators and HVAC
FM-200 fire suppression
Continuous Building Management System monitoring
Operational Security
Incident management and change control procedures in place
Active involvement in the security community
DevOps security model allowing rapid mitigation of security issues
Strict media sanitisation and destruction procedures
Role-based access control
Customer support activity logging
HR Security
Defined and managed hiring and termination policies
Mandatory confidentiality agreements for all staff
Ongoing security awareness training for all staff
Compliance
ISO 27001:2013 certified hosting services and data centres
ISO 9001 and 14001 certified
PSN accredited to provide Official services over PSN Protected
Accredited to provide Official classified services via encrypted PSN overlay