A service you can depend upon
By selecting VettingGateway as your background-checking software, you have chosen to entrust us with your company’s data, which is one of your most valuable assets. We take this responsibility very seriously and have built security and privacy into the core of our platform, continually investing in technology and resources to maintain a robust service in which you can have complete confidence.
Best practice security and infrastructure
Our information security policies provide a robust framework under which we manage and process your company’s data. Our security infrastructure encompasses world-class hardware and software in which we continually invest, in order to defend against the latest known threats.
- We are Cyber Essentials Plus certified.
- We use secure data centres managed by Amazon Web Services, which hold a broad set of industry-standard accreditations such as ISO27001 and ISO9001.
- Our data centres are connected to the internet with redundant internet links, and bandwidth can be easily upgraded as required.
- There is redundancy at every component and service level, as well as spare capacity, so we can scale our servers on demand. This means VettingGateway can continue to run for prolonged periods even after experiencing major component failures, and we don’t run out of space.
- All new VettingGateway employees are background-checked to DfT/CAA standards, which includes a basic DBS.
- Our infrastructure is protected by firewalls and all management access requires two-factor authentication.
- Virus scan technology is implemented throughout our infrastructure.
- Annual independent security assessments are performed.
- An ongoing vulnerability scanning and management program is in place.
- Machines are built from approved hardened images and verified in third-party security assessments.
- A continuous patching cycle is in place to ensure the latest security updates have been applied.
- We have restore points for critical data taken every 5 minutes. Backup data is securely kept in the same geographic regions, yet sufficiently distant to ensure data is not lost in the event of a disaster, whilst complying with local data protection regulation.
- We engage skilled information security and data privacy specialists to ensure security is always a priority.
- Role-based permissions are used to control staff access to systems and data.
Protecting the live platform
VettingGateway employs various encryption, authentication, and verification techniques from the sign-up process right through to operational fulfilment.
- Data is transferred over TLS.
- The platform employs anti-DoS and DDoS technology.
- Passwords are one-way hashed.
- Our web login page enforces rate limiting to protect against brute-force attacks.
- Your account access rights are configurable to your needs and managed by your administrator user.
- All your users are set up in the platform by your administrator user.
- All data is virus scanned when uploaded to the platform.
- Outbound emails are sent using opportunistic TLS, with authentication and validation systems such as SPF, DKIM and DMARC.
- Payment processes are fully PCI-DSS compliant.
Third-party service partners and data processors
The VettingGateway platform uses Cloud Service Providers in order to provide a responsive and scalable service. To safeguard the confidentiality, integrity and availability of data, only industry-leading providers with state-of-the-art facilities are used.
The VettingGateway platform is hosted on Amazon Web Services (AWS) infrastructure. This is where all data uploaded to the platform is stored, and where all usage data and audit records are collected. Our primary AWS data centre is located in Ireland (EU-West-1) and is spread across multiple availability zones for high availability.
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 165 fully featured services from data centres globally.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behaviour to protect our AWS accounts and workloads.
Microsoft Enterprise Mobility + Security E3 provides an identity-driven security solution that offers a holistic approach to the security challenges in this mobile-first, cloud-first era.
Trusted by more than 27,000 organizations worldwide, Nessus® Professional automates point-in-time assessments to help quickly identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations.
Atlassian is a leading enterprise software company that develops products for software developers, project managers, and content management. It is most widely used for its Service Desk incident management and project management tools.
Stripe software allows us to receive payments over the Internet. Stripe provides the technical, fraud prevention, and banking infrastructure required to operate online payment systems.