Any organisation that holds the amount of personal data that we hold knows just how damaging the consequences of failing to secure that data can be.
It’s why security considerations feature so prominently in every single decision we make at Verifile. Security is something we’ll never compromise on or take chances with.
To demonstrate to clients that we have the framework within which data security (as well as data accuracy and integrity) is guaranteed, we have invested heavily in
accreditations and
certifications – and will continue to do so.
We are certified against
ISO 27001 (Information Security) and ISO 22301 (Business Continuity Management Systems), proving that we have stringent information security protocols in place. We’ve been awarded our
Cyber Essential Plus certification, confirming our commitment to data security, and we also hold the
National Security Inspectorate (NSI) Gold Award for security screening.
A key component of our own security screening sees every one of our employees vetted to meet the criteria of
BS7858 security screening (an important framework for conducting background checks in highly secure environments) – but over a ten year period, rather than the required five.
You could argue that we’re one of the most over-accredited businesses you’ll come across. That’s because none of this is driven by an obligation to meet regulatory requirements (as we currently have none), just a desire to do the right thing.
However, if, or when, that day comes and our industry becomes more regulated, we’ll definitely be ready.
Handling your data
The information security processes we have in place are subject to regular scrutiny, via both internal and external auditors.
Our senior management team chair regular security meetings which focus on security improvement and our security controls are well documented, with performance against key objectives annually reviewed.
New joiners undertake a comprehensive security induction before being given access to our systems and existing staff are continually reminded of their ongoing personal security obligations.
Needless to say, we were well prepared when the
UK Data Protection Act (DPA 2018), incorporating the EU’s
General Data Protection Regulations, was enacted in May 2018. The enhancement of this regulation, providing individuals with far more control over how their data is used and handled, was always going to be a significant consideration for any businesses that, like ours, hold so much personal information. Specialist legal advice was taken promptly to ensure we were compliant with the regulatory articles – and remain so today.