Your Business and Customer Data Secured
Commusoft uses network drive storage to host critical client data. These drives are designed to automatically encrypt data at rest.
Physical Server Security
Commusoft uses the Google Cloud Platform for its incredible server security. Not even Tom Cruise could access your customer data.
Commusoft’s global infrastructure is hosted on the Google Cloud Platform across multiple data centres in multiple countries, including the United Kingdom, India and United States of America. Commusoft host each client's data in their country of origin, or, the nearest country Commusoft currently have an infrastructure.
Every user is assigned a permission level (role) which assigns different levels of access to different features. Control who in your business can see and access specific data and features.
Detailed audit trails are available to all Enterprise clients, recording every successful login to the software, as well as transaction history of every new record, edited record and deleted record.
Commusoft use one-way hashed passwords with secure salts, meaning passwords can’t be read by anyone, not even Commusoft’s security team.
Enterprise Grade At-Rest Encryption
Commusoft use network drive storage to host critical client data. These drives are designed to automatically encrypt data at rest. This enterprise security feature lets our clients be confident that their information is guarded from unauthorised access.
All information across the Commusoft network uses SSL (https). Commusoft offer clients TLS 1.1, TLS 1.2, TLS 1.3, restricting access to the less secure TLS 1.0. This means clients can rest assured that their data is kept safe and sound.
Access and Encryption
Commusoft restrict access to all production backups to key members of the team (on a need-to-access basis). Access to these backup files is audited to maintain compliance with our internal security policy. All backup files are encrypted at rest.
We backup Commusoft daily for all systems.
Commusoft operate a PCI compliant network. This is a security standard developed by the card industry to make sure payment transactions online are kept safe and secure. This standard requires regular audits of Commusoft’s internal security policies, as well as our production environment.
Commusoft undertake quarterly scans of our network to identify vulnerabilities, as well as subscribing to the latest patches and updates to both the Linux operating system and other key components of the Commusoft infrastructure.
External yearly penetration testing is performed by an industry-leading security company designed to stress test the Commusoft network and application, helping to keep your data secure and the Commusoft system operating correctly at all times.
- PCI compliant network
- PCI DSS D compliance (Coming soon)
- ISO27001 compliance (Coming Soon)
GDPR & Data Protection
Commusoft complies with European data protection law allowing our clients to be GDPR compliant. All clients are provided with contracts that meet our obligations under GDPR as data processors.