Commusoft's Security
Reliable Security to Keep Your Data Safe
Security is one of our main priorities at Commusoft. Our team works every day to ensure the best security for our customers at all levels, aiming to be fully transparent and compliant.
Your Business and Customer Data Secured
Network Security
Commusoft uses network drive storage to host critical client data. These drives are designed to automatically encrypt data at rest.
Physical Server Security
Commusoft uses the Google Cloud Platform for its incredible server security. Not even Tom Cruise could access your customer data.
Data Storage
Commusoft’s global infrastructure is hosted on the Google Cloud Platform across multiple data centres in multiple countries, including the United Kingdom, India and United States of America. Commusoft host each client's data in their country of origin, or, the nearest country Commusoft currently have an infrastructure.
Application Security
Role-Based Security
Every user is assigned a permission level (role) which assigns different levels of access to different features. Control who in your business can see and access specific data and features.
Full Auditability
Detailed audit trails are available to all Enterprise clients, recording every successful login to the software, as well as transaction history of every new record, edited record and deleted record.
Secure Authentication
Commusoft use one-way hashed passwords with secure salts, meaning passwords can’t be read by anyone, not even Commusoft’s security team.
System Security
Enterprise Grade At-Rest Encryption
Commusoft use network drive storage to host critical client data. These drives are designed to automatically encrypt data at rest. This enterprise security feature lets our clients be confident that their information is guarded from unauthorised access.
In-Transit Encryption
All information across the Commusoft network uses SSL (https). Commusoft offer clients TLS 1.1, TLS 1.2, TLS 1.3, restricting access to the less secure TLS 1.0. This means clients can rest assured that their data is kept safe and sound.
Backups
Access and Encryption
Commusoft restrict access to all production backups to key members of the team (on a need-to-access basis). Access to these backup files is audited to maintain compliance with our internal security policy. All backup files are encrypted at rest.
Daily Backups
We backup Commusoft daily for all systems.
Compliance
Commusoft operate a PCI compliant network. This is a security standard developed by the card industry to make sure payment transactions online are kept safe and secure. This standard requires regular audits of Commusoft’s internal security policies, as well as our production environment.
Commusoft undertake quarterly scans of our network to identify vulnerabilities, as well as subscribing to the latest patches and updates to both the Linux operating system and other key components of the Commusoft infrastructure.
External yearly penetration testing is performed by an industry-leading security company designed to stress test the Commusoft network and application, helping to keep your data secure and the Commusoft system operating correctly at all times.
- PCI compliant network
- ISO9001 compliance
- ISO27001 compliance
GDPR & Data Protection
Commusoft complies with European data protection law allowing our clients to be GDPR compliant. All clients are provided with contracts that meet our obligations under GDPR as data processors.