Compliance and Certifications are your way of knowing that we take seriously the things you care about most. We’re proud to be both ISO 27001 accredited for information security, and ISO 9001 accredited for quality. Being ISO certified means that you can be confident that we apply international standards and best practices. Our processes and policies are constantly scrutinised and we undergo an independent annual audit to maintain our ISO certification.
With Prospect, your data is encrypted "at rest" (in the database) and "in transit" (as it is transmitted to and from users across the internet). But you will want your staff and customers to see that it is secure too. That's why we provide certificates as standard using 256-bit encryption with a 2048-bit key.
Prospect is hosted in Microsoft Azure, Microsoft’s Global Cloud platform. With Azure, Microsoft has made an industry-leading commitment to the protection and privacy of data. Microsoft were the first cloud provider recognised by the EU's data protection authorities for their commitment to rigorous EU privacy laws. Microsoft Azure complies with ISO 27001 and was the first major cloud provider to adopt the international cloud privacy standard, ISO 27018.
We use Microsoft Azure and Amazon data centres that implement the highest levels of data security, redundancy and reliability. Prospect services running within Azure are all load-balanced with redundancy built in. They communicate across a private network within Azure and are secured by Azure’s AI (Artificial Intelligence) monitoring and protection systems. The Microsoft Azure data centres (where we run the Prospect services) and the Amazon data centre (where we store your CRM and CMS backups) are both compliant with ISO 27001.
Independent automated systems monitor every aspect of our solution, from secure certificate expiry to the performance of individual services. We use independent experts to actively scan and report on PCI vulnerability tests and to perform regular network and software penetration testing.
Most security breaches come from poor user security, not hard-core hacking. And it's no wonder: managing lots of different passwords is annoying, and the passwords themselves are easy to forget and inevitably insecure. It's simpler for the users if they only have to sign in once with SSO (Single Sign-On), using something they already know like their Microsoft Office 365 login. It's much easier for IT and Admins to manage just one central list of user identities within Office 365 or Microsoft AAD. And it's much more secure to centrally enforce strong passwords and MFA (Multi-Factor Authentication).
In the end, security comes down to commitment across the organisation. Our staff are trained and regularly tested in security best practice, company policy and security culture. You can read more about our best practice in our Security Policy.