Introduction
This security policy sets out how Oxford Computer Consultants
secures and protects any information that you give Oxford Computer Consultants
when you use this web application.
Oxford Computer Consultants is committed to ensuring that your data is
protected. Should we ask you to provide certain information by which you or any
other individual can be identified when using this web application, you
can be assured that it will be secured in accordance with this security
statement.
Web application security
The web application ensures that users must be logged in, using a specific user
name and password allocated to them, before they are able to upload or view any
data.
A user will only see the full details of data originating from their own Local
Authority; all other data is anonymised, preventing anyone from seeing the
service names of services from other Authorities.
The web application uses SSL (Secure Sockets Layer) to ensure that any sensitive
information is encrypted as it travels from the user's browser to the server.
Look for the "https" at the beginning of the URL and the padlock sign either on the
right of the address bar or in the bottom right corner of the screen (depending
on your browser) to be sure that the page you are viewing is secure.
SSL is enforced on all pages where data is uploaded or displayed, as well as all
pages where user information is entered or altered.
Physical security
The server that hosts this web application is mounted inside a locked cage rack, within
an environmentally controlled data-centre room
with key-card only access. The building itself is located in the London
Docklands and is controlled by 24-hour security with strict photo-identification
of all visitors.
Our host maintains a list of personnel who may be granted physical access to the
server as well as a separate list of the personnel who may modify that "access
list" or arrange requests for access. A log of physical access to the server is
also maintained in order to track who has done what to maintain the server and
at what time.
Remote access
The only way to access the server from outside the data-centre is through a
Virtual Private Network (VPN). A VPN connection is allowed only from the IP
address of the Oxford Computer Consultants offices. This is enforced at both a
hardware (server) and software (firewall) level, preventing access from any
other location.
The VPN uses a secure, encrypted channel to transfer data and a Windows user and
strong password to log in to the server, available to only the authorised server
administrators.
Data backups
The web application database is backed up on a daily basis and stored on the
server before being transferred over an encrypted channel to a secure, encrypted
backup disk in another key-card access only data-centre, at the Oxford Computer
Consultants offices. This ensures the safety of the data in the event of damage
to the server.