Security

Cloud security at Memset is the highest priority. Our ISO 27001-based Information Security Management System underpins every area of the business, including our UK Government security accreditations.

Security Organisation and Leadership

  • MD oversight of security matters as Senior Information Risk Owner (SIRO)
  • Operational ownership of security matters held by a dedicated Security Manager
  • Segregation of duties between Security and Compliance managers and teams
  • Board representation in security decisions
  • Strong investment in security technologies, personnel and processes

Physical and Environmental Security

  • ISO 27001 certified data centres; Dunsfold data centre approved for PSN Protected; all data centres appropriate for Official data
  • Comprehensive CCTV coverage with footage retained for 90 days
  • Biometric and/or RFID badge controlled access to data halls
  • Physical access limited to specific necessary personnel
  • Stand-off fenced perimeters in place
  • At least N+1 UPS, generators and HVAC
  • FM-200 fire suppression
  • Continuous Building Management System monitoring

Operational Security

  • Incident management and change control procedures in place
  • Active involvement in the security community
  • DevOps security model allowing rapid mitigation of security issues
  • Strict media sanitisation and destruction procedures
  • Role-based access control
  • Customer support activity logging

HR Security

  • All staff are BPSS screened prior to commencing employment
  • SC vetted staff
  • Defined and managed hiring and termination policies
  • Mandatory confidentiality agreements for all staff
  • Ongoing security awareness training for all staff

Compliance

  • ISO 27001:2013 certified hosting services and data centres
  • ISO 9001 and 14001 certified
  • PSN accredited to provide Official services over PSN Protected
  • Accredited to provide Official classified services via encrypted PSN overlay