SafetyToolbox is committed to protecting your data by using multiple layers of security. The following is a brief overview of some of the things we do to help keep your information safe.

Security

Physical Security

Customer Information within SafetyToolbox Online is held securely in data centres located in Ireland across multiple availability zones to guard against localised, physical failure. These data centres meet the strictest security standards, including ISO 27001, 27017 and 27018 certification, and comply with the EU General Data Protection Regulation (GDPR).


Encryption

All information that passes between SafetyToolbox Online and your computer (“data in use/transit”) is securely encrypted over HTTPS using TLS v1.2, according to industry-standard best practice. The strongest encryption algorithms (SHA-256) afforded by your browser are prioritised.

Distributed Denial of Service (DDoS) mitigation is automatically applied by our hosting provider.

User passwords are stored in our database via a one-way cryptographic hashing function with “salt” (random data). Passwords are not stored in plaintext, and the original password cannot be recovered from the stored value.


Preventing Vulnerabilities

All access to SafetyToolbox Ltd’s underlying systems and data is protected through the use of unique credentials with two-factor authentication.

The application runs inside a secured and hardened environment which is engineered for security to help minimise vulnerabilities according to industry-standard guidelines.

We employ additional automated protection technologies within our infrastructure to identify and potentially block suspected, malicious or fraudulent behaviours.


Privacy

We are bound by the UK’s Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR) and fully respect the rights of individuals in compliance with the EU GDPR. SafetyToolbox Ltd does not sell, rent or share data with any third party unless previously agreed as part of any contractual arrangement (or any legal or regulatory requirement).

However, we do utilise some third parties that help provide our services. We ensure that the security measures in place at those third parties meet, at the very least, the same high security standards that we employ.


People

Our staff are vetted prior to employment with checks including proof of identity, proof of right to work, proof of residency and proof of activity.

We also maintain a suite of internal policies, procedures and guidelines, which all staff and relevant contractors and third parties must follow.

Customer data is accessed by SafetyToolbox staff on an as-needed basis only, and only when approved by the customer (i.e. as part of a support incident), or by operational staff to provide necessary support and maintenance.

Our developers are versed in the OWASP Top Ten critical web application security risks. All code must pass automated testing, quality and security control gates before being merged and deployed.


Resilience

We go to great lengths to make sure your data is stored safely.

As well as having a highly available, fault-tolerant database underpinning the application, SafetyToolbox Online also has point-in-time recovery. Additional secured, daily snapshots of data are available should they ever be required.

These technical and organisational measures help ensure the confidentiality, integrity and availability of our systems and your data at all times.