Radar data security and disaster recovery policies – February 2022
Introduction
At Radar we understand how valuable your data is and how imperative it is to protect that data for you. Data is our stock in trade and we never underestimate its power or importance.
Data Hosting
Radar utilises a managed service in a secure purpose-built Tier III data centre managed by vXtream for all client data processing. The data centre holds 24/7 National Emergency Status. Our services are managed by Dudobi. Both vXtream and Dudobi have their information security management systems certified to the ISO/IEC 27001 standard.
Data Protection Act
In the UK, Marketing Radar Ltd is registered and fully compliant under the Data Protection Act and e-Privacy (PECR). Radar systems are compliant with the GDPR.
Data at Radar
Our backup and data retention needs are also provided by Dudobi. These are stored onsite for rapid recovery and at a different secure offsite location to support longer-term backups and disaster recovery.
Contingency Plan / Disaster Recovery
Radar’s managed service provides a partner site, which can have essential systems back up and running within hours.
Radar increasingly receives data in real-time. Our servers receive a new piece of data on average every second. In order to ensure no data is lost in the event of any Radar server downtime, Radar developed Radar Relay, which routes all data initially to AWS (Amazon Web Services), then into Radar. If the Radar server is not immediately available, the data will be held in AWS until the Radar server is ready to receive it.
Data at/for client
All data for the client is to be supplied via:
- Radar Secure Data Manager (upload)
- Radar Secure Report export (download)
- Encrypted external flash or hard drive (ED)
- Secure cloud storage (for example: OneDrive, Google Drive)
- Secure web file transfer service (for example: MailBigFile)
- Secure FTP transfer
All data should be zipped and password protected following update or selections.
Data can be re-supplied from the main database from Radar’s hosted server within 24 hours of failure, should the situation demand it.
Database interrogations made on Radar equipment and e-mailed through to client will automatically be backed-up according to Radar’s standard back-up procedure.
Data security / Breach prevention
Radar ensures that security is in place on all computer equipment that data is stored upon. This includes:
- All desktop computers, laptop computers, and servers require username and password to gain access
- When Radar takes laptops or netbooks off site, they have encrypted hard drives and/or do not hold any personally identifiable information (PII) client data on them, so that if lost or stolen they pose no security risk
- All computers are only used either standalone or behind both hardware and software-based firewalls
- Any external access to the system is only provided to essential staff and agents
- External agents only have access to their own secure FTP site
- No generic guest FTP site is available
- External access requires a username and password to be provided
- All passwords are complex and contain a combination of mixed case characters, numbers and special characters
- No password may be a real word
- Anti-virus software operates on all desktop computers, laptop computers, netbooks and servers
- Any sensitive data sent by email will be contained within an encrypted zip file. The password will be provided by a different method (for example: SMS)
- All retired hardware has its disk drives either scrambled or physically destroyed
- Radar conduct training/revision sessions at each of our team meetings (every 2 months) and keep a log of GDPR/security training
Radar.ms
SaaS browser security is ensured through the following features:
- Access to the browser is secure using https:// SSL employing 256-bit encryption
- Browser access can be locked down to specific IP addresses
- Individual users can be granted/denied access from outside the locked-down IP addresses
- Two-stage verification is provided for non-whitelisted IP addresses
- All passwords are encrypted
- Login failures do not specify if it is the password or username that is incorrect
Radar surveys
Web browser security is ensured through the following features:
- Access to the browser is secure using https:// SSL employing 256-bit encryption
- Access is via an encrypted link or a two-stage verification process where direct access to the survey page is made
Breach detection
The following Radar system monitors are in place:
- Radar monitors attempted logins and will lock an account after 5 failed attempts
- Radar monitors all system calls via API and reports on abnormal activity
The following server system monitors are in place:
- Dudobi monitor attempted logins and will lock an account after 3 failed attempts
- vXtream and Dudobi monitor for DDoS attacks and other forms of server attacks
- Dudobi has a third party carry out penetration testing every 6 months. All recommendations are implemented
- Business continuity and disaster recovery testing is carried out quarterly
More information about Radar’s data security is available on request.