Thousands of users entrust Changefirst with their data, and we make it a priority to take our users’ security and privacy concerns seriously. We strive to ensure that user data is kept securely, and that we collect only as much personal data as is required to provide our services to users in an efficient and effective manner.
This Security Statement aims to be transparent about our security infrastructure and practices, to help reassure customers and users that their data is protected.
As part of Changefirst’s continuing improvement of the confidentiality, quality and availability of the information assets we may store and process, we are ISO 27001 certified and externally audited annually. The Changefirst Information Security Policy provides further information in this area.
Personal information a user enters in online services provided by Changefirst is used for contacting users should they have a support query. Changefirst collects the following Personal Data from users for us to provide our service:
- First Names
- Last Names
- Email address
- Location (Country)
- IP address
Technical and organisational security measures
Changefirst documents a set of technical and organisational security measures in the following areas: access control to premises/facilities/systems/data, disclosure control, input control, job control, availability control and segregation control. This information can be provided to our potential/existing customers on request.
Online services provided by Changefirst are hosted on secure servers located in the European Union using Amazon Web Services (AWS). Only authorized Changefirst personnel have access to these servers.
- SSL/TLS encryption: The service uses the SSL/TLS protocol during transmission over public networks such as the internet. This ensures that user data in transit is safe, secure, and available only to intended recipients.
- User passwords: User application passwords have minimum complexity requirements. Passwords must meet the following guidelines:
  - be at least eight characters and no more than 20 characters in length
  - contain at least one lowercase letter [a-z]
  - contain at least one uppercase letter [A-Z]
  - contain at least one number [0-9] or contain special characters: ! @ # $ % ^ & * ( ) + ?
- Data encryption: Certain sensitive user data such as account passwords are stored in an encrypted format. Client data is encrypted at all times when in transit.
- Data portability: Users can export their data from our system in a variety of formats so that they can back it up, or use it with other applications.
Changefirst uses the Amazon Cloud Computing Platform ‘Amazon Web Services’ (AWS) to provide customers with a secure, reliable and high-performance experience when using Changefirst online services. The AWS infrastructure includes facilities, network, and hardware as well as some operational software that supports the provisioning and use of these resources. This infrastructure is designed and managed according to security best practice as well as a variety of security compliance standards. More information can be found at https://aws.amazon.com/compliance/data-center/controls/
Software development practices
Our engineers use best practices and industry-standard secure coding guidelines and procedures to ensure secure coding. These are outlined in the Changefirst SDLC Security Policy.
Keeping user data secure also depends on maintaining the security of user accounts by using sufficiently complicated passwords, stored securely. Users of the services should also ensure that they have sufficient security on their own systems, to keep any data downloaded to a local device away from prying eyes.
Last updated: 12th December 2019.