Trust Centre
A service you can depend upon
By selecting VettingGateway as your background-checking software, you have chosen to entrust us with your company’s data, which is one of your most valuable assets. We take this responsibility very seriously and have built security and privacy into the core of our platform, continually investing in technology and resources to maintain a robust service in which you can have complete confidence.
Best practice security and infrastructure
Our information security policies provide a robust framework under which we manage and process your company’s data. Our security infrastructure encompasses world-class hardware and software in which we continually invest, in order to defend against the latest known threats.
​
-
We are Cyber Essentials Plus Certified
-
We use secure data centres managed by Amazon Web Services, which hold a broad set of industry standard accreditations such as ISO27001 and ISO9001.
-
Our data centres are connected to the internet with redundant internet links and bandwidth can be easily upgraded on requirement.
-
There is redundancy at every component and service level, as well as spare capacity, so we can scale our servers on demand. This means VettingGateway can continue to run for prolonged periods even after experiencing major component failures, and we don’t run out of space.
-
All new VettingGateway employees are background-checked to DfT/CAA standards, which includes a basic DBS.
-
Our infrastructure is protected by firewalls and all management access requires two-factor authentication.
-
Virus scan technology is implemented throughout our infrastructure.
-
Annual independent security assessments are performed.
-
An ongoing vulnerability scanning, and management program is in place.
-
Machines are built from approved hardened images and verified in third party security assessments.
-
A continuous patching cycle is in place to ensure the latest security updates have been applied
-
We have restore points for critical data taken every 5 minutes. Backup data is securely kept at same geographic regions, yet sufficiently distant to ensure data is not lost in the event of a disaster, whilst complying with local data protection regulation.
-
We engage skilled information security and data privacy specialists to ensure security is always a priority.
-
Role based permissions are used to control staff access to systems and data.
Protecting the live platform
VettingGateway employs various encryption, authentication, and verification techniques from the sign-up process right through to operational fulfilment.
​
-
Data is transferred over TLS.
-
The platform employs anti-DoS and DDoS technology.
-
Passwords are one-way hashed.
-
Our web login page enforces rate limiting to protect against brute force attacks.
-
Your account access rights are configurable to your needs and managed by your administrator user.
-
All your users are set up in the platform by your administrator user.
-
All data is virus scanned when uploaded to the platform.
-
Outbound emails are sent using opportunistic TLS, using authentication and validation systems such as SPF, DKIM and DMARC
-
Payment processes are fully PCI-DSS compliant
Third party service partners and data processors
EU-based storage
​
The VettingGateway platform employs the use of Cloud Service Providers in order to provide a responsive and scalable service. To safeguard the confidentiality, integrity and availability of data, only industry leading providers with state-of-the-art facilities are used.
The VettingGateway platform is hosted on Amazon Web Services (AWS) infrastructure. This is where all data uploaded to the platform is stored, and where all usage data and audit records are collected. Our primary AWS data centre is located in Ireland (EU-West-1) and is spread across multiple availability zones for high availability.