Information security is a serious matter for WillSuite. This policy serves as a guide to let you know the steps we take to ensure the privacy of your data.
Data Centre Security
WillSuite runs on the DigitalOcean platform with data hosted by the platform Amazon Web Services (AWS) in nondescript housed facilities. Our data centers are located in London.
Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
More information relating to security of data centers can be found in the AWS Security Whitepaper and DigitalOcean security disclaimers available here: https://aws.amazon.com/whitepa...
Our server network can only be accessed via SSH with public key authentication or via Two-factor Authentication over SSL. Public keys are removed from servers where access is no longer required.
Operating system security patches are checked on a nightly basis.
Third Party Penetration Tests
In addition to extensive internal scanning and testing, WillSuite work with CREST-accredited third-party security experts to perform a broad penetration test across the WillSuite platform to validate and improve on the security of our software.
Ongoing Security Monitoring
Servers are checked for security patches on a nightly basis.
Automated application checks are ran against the PHP Security Advisories Database (https://security.sensiolabs.org/) every 24 hours. WillSuite are alerted if there are any packages included within the system which require action.
WillSuite are notified when suspicious account activity is detected. In some cases access to the system may be automatically restricted until manual intervention by WillSuite employees.
Encryption of Data
Communications between you and WillSuite servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS) by default.
At rest, data is encrypted on our AWS platform with AES-256 encryption.
Data backup and redundancy
WillSuite’s strict backup regime ensures customer data is backed up on an hourly basis.
Before being purged;
Hourly backups are held for a period of 7 days.
Daily backups are held for a period of 16 days.
Weekly backups are held for a period of 8 weeks.
Monthly backups are held for a period of 3 months.
Customer data is retained for as long as you remain a customer and until impractical, your data will remain in the WillSuite system indefinitely. Former customers’ core data is removed from live databases upon a customer's written request or after an established period following the termination of the customer agreement. In general, former customers’ data is purged 90 days after all customer relationships are terminated.
Information stored in replicas, snapshots, and backups is not actively purged but instead naturally ages itself from the repositories as the data lifecycle occurs. WillSuite reserves the right to alter the data pruning period and process at its discretion in order to address technical, compliance, or statutory needs.
Framework level security
We use tools and techniques to protect against common security vulnerabilities. This includes escaping user-inputted data which is rendered to reduce the threat of Cross Site Scripting (XSS), CSRF tokens are used to minimize the risk Cross Site Request Forgery (CSRF), and use of PDO across the system to minimize the risk of SQL Injection.
Protection against the above attack vectors is evaluated as part of our third-party security audits.
Customer Support, Services, and other customer engagement staff with a need-to-know may request access to customer services on a time-limited basis. Requests for access are limited to their work responsibilities associated with supporting and servicing our customers. The requests are limited to just-in-time access to a specific customer's service for a 24 hour period.
All access requests, logins, queries, page views and similar information are logged. Employee access is subject to daily review and at least semi-annual recertification to ensure authorized systems are within limits of employees' current roles.
All employees are subject to pre-employment checks compliant to the BS7858:2012 security screening standard including, but not limited to,
Confirmation of name, date of birth and address
Right to work validation
5 Year career history reference checks employment, self-employment and unemployment
Independent verification of any career gap which exceeds 31 days
Verified written character reference
Education checks as appropriate
Financial public record check: CCJ’s, insolvency, bankruptcy, IVA’s, undeclared address links & aliases.
Terrorist financial sanctions list & company officer checks
Basic Criminal Record Disclosure
Certificate of screening & full audit file supplied when vetting is complete
All employees receive security and incident response processes training within the first month of employment as part of the WillSuite security program along with role-specific follow-up training. All employees must comply with Non-Disclosure Agreements and Acceptable Use Policies before access to production networks and data.
Employees are tested on their knowledge of different common attack vectors used within web applications and given training on risk minimization before and during development on the code base.
Product Security Features
Two Factor AuthenticationTwo Factor authentication is available for users of the system to protect their account in the event their password is comprised.
Password PolicyWe enforce a password policy restricting complexity and uniqueness of passwords.
Unobtainable Authentication Data
Passwords are one-way hashed and salted using bcrypt, the recommended industry standard in one-way hashing. Passwords cannot be retrieved by any party.
Communication EncryptionWeb traffic to our platform is forced over encrypted HTTPS and is authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_256_GCM (a strong cipher).
Role-based AccessRole-based user access, allowing administrators to restrict application and data access for certain users dependent on their role.