Fully compliant, fully pen tested data protection and privacy.
Our services are hosted on SocietyWorks’ scalable, automated and secure server platform, built on over ten years’ experience of developing and operating well-known, high-traffic civic engagement services.
To provide the most flexible and robust system, we spread our services across multiple locations. This ensures we can take advantage of both cloud and dedicated hosting where appropriate, in a way that’s transparent to our end-users.
Automation in testing, deployments, monitoring and infrastructure management means we can make improvements quickly and responsively. We can deploy code changes seamlessly to our production environments many times a day, and migrate applications between elements of our infrastructure, all without interrupting service.
Below are some of the principles that underpin our approach.
|Password Policy||We enforce a minimum standard of password complexity, ensuring that brute-forcing is sufficiently difficult to be mitigated by other practices|
|Packaging||All mySociety servers and the packages on them are regularly and routinely patched to minimise the potential for vulnerabilities|
|Access Control Model||mySociety maintains a least-permissive access control model to reduce potential cross-contamination of access in the event of a security compromise. Where appropriate, processes are jailed|
|mySociety employs both on-line, near-line and off-site backup solutions. All data is encrypted and data verification can take place before restoration to ensure there has been no data tampering|
|Secure access to servers||Privileged credentials are only transmitted to mySociety servers via encrypted protocols (HTTPS or SSH). Credentials are only exchanged in person or out-of-band with manual integrity checking|
|Physical Security||mySociety servers are hosted by Bytemark. Their data centres employ CCTV, 24 hour security and biometric sensors, and their operator is certified to ISO27001:2005.|
|Host Based Firewalling||Every mySociety server runs a host based firewall to restrict inbound and outbound access of traffic|
|Disaster Recovery||We have policies and procedures in place for insuring business continuity in the face of serious problems|
|Redundant backups||We have backups at four different locations, including one which can only be accessed with credentials known to a small subset of the team. All backups are encrypted.|
|Backup checking||Backups are checked every day by an automated script and we conduct regular test restores to confirm data integrity.|
|Server/location-based failover||Our services can be load-balanced across multiple servers and our databases are mirrored to hot-standby instances. This provides an assurance of high availability and redundancy in the face of server or hardware failure. Our service deployment and monitoring is automated and changes can be made quickly and reliably in response to any infrastructure problems.|
|Cloud-based recovery options||In the event of a total loss of all servers and data, we would bring up a temporary service from the previous night’s backups on EC2 instances. We have a template containing our standard build already at AWS.|
|Source code redundant storage||All source code is replicated at commit/push time to at least one other server (this is in addition to the offsite backup above).|