We take information security very seriously

We understand the impact a security breach could have on your business and its reputation, which is why we do everything we can to minimise the risks when developing a software solution or website.

Alberon information security team

At Alberon we have an Information security team comprising the Managing Director, Senior Technical lead and Data Protection, Processes and Procedures Officer. They are all supported by Alberon’s IT Operations Team, who look after our network infrastructure, workstations and servers.

Secure development practices

Badly written code can open your software or website up to a security risk and leave your company vulnerable to a cyber-attack.

  • Best practice guidelines. We have detailed guidelines, which all our software developers are trained to follow, ensuring that every piece of code we write meets the same high standard of security.
  • Regular refresher sessions. Alberon’s security team regularly review our security processes to make sure our practices remain current. Refresher sessions on the importance of security regularly take place with the development team.
  • Code reviews. As an extra layer of protection, code is regularly reviewed by a senior developer to ensure quality and identify any potential areas of weakness.
  • Security updates. Updates are applied regularly so that systems and applications remain as secure as possible.

Secure hosting

Our staging and production systems are hosted on dedicated servers provided by Memset, who share our values when it comes to security.

  • ISO 27001:2013 Information Security Management certification. Memset have achieved this internationally recognised standard, governing the protection of personal records and commercially sensitive information. It certifies that their management system conforms to rigorous security standards.
  • Memset hold the ISO 9001:2015 Quality Management certification and the ISO 14001:2015 Environmental Management System, demonstrating their commitment to environmentally conscious hosting.
  • Memset carry out monthly vulnerability scans of their servers and any critical issues are then fixed by their engineering team.

Safeguarding customer data

Close collaboration and sharing of information with our customers is crucial in delivering the right solution. Occasionally, this means sensitive customer data being exchanged or stored within the software applications and websites that we develop and host for them.

  • Data protection and IT security policy. Alberon has a comprehensive data protection and IT security policy outlining strict guidelines when dealing with customer data. New staff are fully briefed on this process and we hold quarterly information security awareness training to make sure that staff fully understand their information security responsibilities and continue to be vigilant.
  • Secure data transfer. To ensure the safe transfer of data, HTTPS is used to secure all live web services, and web servers are configured to the highest security standards. SSH, Secure FTP, VPN, or other secure methods are used for transferring files outside our network. Our Wi-Fi network is protected with AES encryption and all live servers and office routers are protected by firewalls.
  • Policies and processes. We have processes and policies in place to cover all areas of the business and these processes play an important role in supporting information security. All staff are regularly trained in these policies, ensuring that we provide a consistently high level of security across the company.
  • Password security. All employees have unique logins to our internal systems, and these logins are revoked when they leave the company. Two-factor authentication is required for most systems. Shared passwords are securely encrypted in a password manager, with access logged and logs reviewed daily.
  • Deletion of data. In compliance with the General Data Protection Regulation (GDPR), all paper records are shredded. Office hard drives are securely overwritten before they are disposed of, and production server drives are overwritten or physically shredded by providers. Backups can’t be deleted but expire after 1-6 months, and access is restricted to our IT Ops team. Management of all customer data is compliant with GDPR and full details can be found in our privacy policy.

Our technologies

We use specific technologies that allow us to design and build efficient and secure software and web solutions that are easy to use and manage.
