Fully compliant, fully pen tested data protection and privacy.
Our services are hosted on mySociety’s scalable, automated and secure server platform, built on over ten years’ experience of developing and operating well-known, high-traffic civic engagement services.
To provide the most flexible and robust system, we spread our services across multiple locations. This ensures we can take advantage of both cloud and dedicated hosting where appropriate, in a way that’s transparent to our end-users.
Automation in testing, deployments, monitoring and infrastructure management means we can make improvements quickly and responsively. We can deploy code changes seamlessly to our production environments many times a day, and migrate applications between elements of our infrastructure, all without interrupting service.
Below are some of the principles that underpin our approach.
| Principle | Description |
|---|---|
| Password Policy | All passwords on mySociety’s services must meet minimum complexity requirements, and login attempts are throttled. All passwords are stored in the database encrypted with a one-way bcrypt hash, mitigating against local brute-forcing. mySociety administrator accounts must adhere to mySociety’s own strict security policies, plus have two-factor authentication (whereby a changing code on a device needs to be input in addition to a password in order to log in). |
| Packaging | All servers and the packages on them are regularly and routinely patched to minimise the potential for vulnerabilities. |
| Access Control Model | mySociety maintains a least-permissive access control model to reduce potential cross-contamination of access in the event of a security compromise. |
| | mySociety employs on-line, near-line and off-site backup solutions. All data is encrypted, and data verification can take place before restoration to ensure there has been no data tampering. |
| Secure access to servers | Privileged credentials are only transmitted to mySociety servers via encrypted protocols (HTTPS or SSH). Credentials are only exchanged in person or out-of-band with manual integrity checking. |
| Physical Security | mySociety makes use of both public and private cloud infrastructure. All systems are hosted in secure, access-controlled data centres in the UK and Ireland. All data centre operators have ISO27001 certification. |
| Host Based Firewalling | Every mySociety server runs a host based firewall to restrict inbound and outbound access of traffic. |
| Disaster Recovery | We have policies and procedures in place for ensuring business continuity in the face of serious problems. |
| Redundant backups | We have backups at four different locations, including one which can only be accessed with credentials known to a small subset of the team. All backups are encrypted. |
| Backup checking | Backups are checked every day by an automated script and we conduct regular test restores to confirm data integrity. |
| Server/location-based failover | Our services can be load-balanced across multiple servers and our databases are mirrored to hot-standby instances. This provides an assurance of high availability and redundancy in the face of server or hardware failure. Our service deployment and monitoring are automated, and changes can be made quickly and reliably in response to any infrastructure problems. |
| Cloud-based recovery options | In the event of a total loss of all servers and data, we would bring up a temporary service from the previous night’s backups on EC2 instances. We have a template containing our standard build already at AWS. |
| Source code redundant storage | All source code is replicated at commit/push time to at least one other server (this is in addition to the offsite backup above). |
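The Password Policy row above describes three controls working together: a minimum complexity rule, throttling of login attempts, and storage of passwords as a slow one-way hash rather than in a recoverable form. The following is an added illustration of how those three controls fit together in a login path; it is not mySociety's code. It assumes the standard library's PBKDF2-HMAC-SHA256 as a stand-in for bcrypt (bcrypt is not in the Python standard library), an assumed complexity rule of at least twelve characters with both a letter and a digit (the page does not state its actual rule), and an assumed throttle of a fixed number of failed attempts per account within a sliding window. The clock is injectable so the throttle can be exercised deterministically.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

# Assumption: PBKDF2-HMAC-SHA256 stands in for bcrypt; both are deliberately slow,
# salted, one-way hashes that make offline brute-forcing of a leaked database costly.
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Return a self-describing 'algo$rounds$salt$digest' string for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return "pbkdf2$%d$%s$%s" % (PBKDF2_ROUNDS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt/rounds and compare in constant time."""
    _algo, rounds, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def meets_complexity(password):
    """Assumed minimum complexity rule (placeholder; the page does not state the real one)."""
    return (
        len(password) >= 12
        and any(c.isalpha() for c in password)
        and any(c.isdigit() for c in password)
    )


class LoginThrottle:
    """Per-account sliding window: block once max_failures occur within window_seconds."""

    def __init__(self, max_failures=5, window_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock
        self._failures = defaultdict(deque)

    def is_blocked(self, username):
        now = self.clock()
        recent = self._failures[username]
        while recent and now - recent[0] > self.window:  # expire old failures
            recent.popleft()
        return len(recent) >= self.max_failures

    def record_failure(self, username):
        self._failures[username].append(self.clock())

    def reset(self, username):
        self._failures.pop(username, None)


# Hash of a constructed dummy password, verified against when the account does not
# exist, so a login attempt takes the same time whether or not the username is real.
DUMMY_HASH = hash_password("constructed-dummy-password-0")


class Authenticator:
    def __init__(self, throttle):
        self.users = {}  # username -> stored hash string (constructed in-memory store)
        self.throttle = throttle

    def register(self, username, password):
        if not meets_complexity(password):
            return "weak-password"
        self.users[username] = hash_password(password)
        return "ok"

    def login(self, username, password):
        if self.throttle.is_blocked(username):
            return "throttled"  # checked before any hashing, so blocked attempts are cheap
        stored = self.users.get(username)
        ok = verify_password(password, stored or DUMMY_HASH) and stored is not None
        if ok:
            self.throttle.reset(username)
            return "ok"
        self.throttle.record_failure(username)
        return "failed"


if __name__ == "__main__":
    auth = Authenticator(LoginThrottle(max_failures=3))
    print(auth.register("alice", "correct-horse-battery-42"))
    for _ in range(3):
        print(auth.login("alice", "wrong-password-123"))
    print(auth.login("alice", "correct-horse-battery-42"))  # throttled until window expires
```

Two design choices worth noting: the throttle check runs before the hash so that an account under attack does not also become a CPU-cost amplifier, and an unknown username still pays for one hash computation so response time does not reveal which accounts exist.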