Tag Archive for: iso 27001

Major upgrade for Safe4

2024 sees a major upgrade for Safe4

With the new year has come a major upgrade for Safe4. The highly secure information management and sharing service now has an enhanced user interface, with the ability to introduce a colour scheme of the customer’s choice.

The revamped user interface reflects a more modern and functionally rich experience for the user:

major upgrade for safe4, with document watermarking and enhanced branding

This new version of Safe4 is not just about cosmetic appearances, however. There are several significant changes to the functionality of the system…

Documents can now be Watermarked

A highly configurable watermarking capability has been added as part of this major upgrade for Safe4. Any PDF file can show any chosen message, as well as a record of who has opened the document.

Documents in safe4 can be watermarked

This function also permits PDF files to be controlled, to help to reduce improper use of the information held in Safe4. Individual documents can be password controlled, and there are tools to support marking up PDF files, as well as preventing functions such as printing.

New user registration

New users will no longer be required to think of a username when accepting their invitation to register for Safe4. The system will apply the user’s email address as the username, simplifying the process and making it easier to remember usernames. If a user is invited to become a member of multiple vaults, they will simply have to enter a password and the system will automatically add them to the new vault.

Safe4 is hosted in the UK, in data centres accredited to ISO 27001. It complies with the Solicitors Regulation Authority guidance for cloud-based systems, and provides granular permissions, a comprehensive audit trail and a reporting capability.

If you would like more information on how the upgraded version of Safe4 can be of value to your business, please contact us. We will be delighted to assist.

MI5 warns of massive intellectual property theft

As featured on the BBC website on 18 October 2023, the head of MI5 in the United Kingdom has warned of the massive scale of intellectual property theft by Chinese agents approaching UK businesses.

Ken McCallum, the Head of MI5, speaking at Stanford University in California at a meeting of the Five Eyes alliance, has warned of the risk that penetration of UK businesses by hostile agents now presents. Read the article on the BBC website in full here.

The UK is known internationally as the source of much original thinking and innovation in product and service design. This naturally makes the UK a target at many levels for unlawful penetration and theft of data. Whilst this clearly affects businesses that are generating and managing confidential information, the risk is also a major issue for universities, from which many UK startup companies originate.

The Solution?

Safe4 Information Management was set up in 2010 to provide a highly secure service to allow organisations of any size and type to share confidential information securely. The unique architecture of Safe4 allows the creation of secure vaults in the cloud to which users can be invited selectively. Granular permission and access controls ensure that sensitive information cannot be accessed by unauthorised parties. This differs radically from most other online file sharing systems, which are simply ways of sharing folders. Safe4 uses UK-only hosting in ISO 27001 accredited data centres, and sophisticated file encryption. Comprehensive audit trails and reporting facilities support business best practice and good governance. Safe4 offers a genuinely safe and secure facility for managing confidential documents and structured data.

Intellectual capital is one of the UK’s prime national assets, and should be managed in the most secure way possible. The core design of Safe4 makes this simple and affordable for any organisation, whether public or private sector, and of any scale. Safe4 is used effectively by small specialist consultancies as well as large corporates and public sector customers.

Safe4 has been adopted by a range of different organisations across many different business sectors. If you would like to learn how using Safe4 can reduce the risk of intellectual property theft, please contact us. We will be delighted to assist.

Risk of using email for the transfer of confidential information

The risk of using email for the transfer of confidential information has been highlighted yet again. In today’s edition of The Times, the penetration of an email system with criminal intent has led to the loss of confidential information.

The Safe4 system has been designed specifically to avoid the use of email for the transfer of confidential information. The secure vault, which is at the heart of the Safe4 architecture, can be used for a wide range of different applications. In order to access the contents of a vault, users have to have been specifically invited to do so, and must authenticate themselves with username, password and 2-factor authentication. Confidential information is never transferred by email.

Safe4 follows guidance from the UK National Cyber Security Centre for matters relating to password length and strength, and is regularly penetration-tested by UK Government accredited services. Combined with comprehensive reporting and audit trails, and UK-based hosting in data centres accredited to ISO 27001, Safe4 offers a secure alternative to the use of email to transfer confidential information.

For more information on how Safe4 can assist your organisation to reduce the risk of unauthorised access to your information, please contact us.

NCSC warns of cyber threats to UK law firms

The United Kingdom National Cyber Security Centre (part of GCHQ) has warned again about the cyber threats to UK law firms. The renewed threat is largely being driven by legal practices adopting hybrid working patterns resulting from the pandemic, with staff increasingly spending more time working from home. More background is available in an article published in The Register on 26th June 2023.

Since law firms by definition handle highly confidential information, and are increasingly dealing with very large sums of cash on behalf of their clients, the opportunity for criminals to interfere with the transfer of information is enormous. In the words of NCSC, law firms are “particularly attractive targets to attackers”.

Cyber threats to UK law firms are not new – Safe4 Information Management was formed in 2010 specifically to allow organisations to exchange information with external parties without compromising the confidentiality of the information in question. Safe4 works with a number of law firms, both large and small, and has provided its secure vault-based service to legal practices across the UK. One of the key elements in the approach adopted by Safe4 is that confidential information is NEVER transferred by email. Invitations and notifications are sent by email, but users have to authenticate themselves with a username, password and optionally 2-factor authentication before any confidential information is made available.

One of the instances where this is most valuable is with the provision of bank details by clients. Using the structured data capabilities of Safe4, clients can be invited to enter their bank details into an online form, which when completed notifies the professional practitioner that the data has been provided. The practitioner, or fee-earner, will then have read-only access to this information after they have carried out the necessary authentication. The bank details can then be used for their intended purpose, and optionally transferred into other internal systems by API.

The Register article makes the point that some of the attackers are nation states, with access to very sophisticated tools. In particular, brute-force attack technologies are being used to penetrate systems by exploiting weak passwords. To mitigate this risk, Safe4 has implemented NCSC recommendations relating to password length and strength.

All of the information held in Safe4 is stored in UK-only data centres accredited to ISO 27001. Safe4 is penetration tested regularly, and is accredited under the UK Cyber Essentials scheme by Government approved organisations under the CHECK protocol.

If you would like more information on how Safe4 can help with the battle against cyber attack, please contact us. We will be delighted to assist.

Safe4 has passed 250,000 users

During April 2022 Safe4 reached the quarter-of-a-million user mark. The fact that Safe4 has passed 250,000 users is significant in many ways – not least because it demonstrates the stability and reliability of the system.

The principal benefit that Safe4 brings is, of course, security. Many of the users who have created accounts in Safe4 have received vital health information through their vault, and can rest assured that their confidential personal data has not been compromised by being sent using open email. The ability to offer the highest standard of protection of personal data distinguishes Safe4 from many other systems that have been used to handle the result of Covid-19 tests, for example.

Safe4 offers the same security benefit for corporate and small business users, and is now being used extensively by many professional practitioners and service providers to manage a wide range of information safely and securely.

For more information on how Safe4 can assist your organisation to reduce costs, improve compliance and enhance client service, please contact us. Safe4 utilises UK-only data centres accredited to ISO 27001, and has been designed from first principles to maximise security and confidentiality.

July 2021 – A record month for Safe4

July 2021 saw a record number of vaults being created in Safe4 in a single month. During July, 19,468 new vaults were created, bringing the total in the system to well over 165,000.

The rapid recent growth in the number of vaults is partly a result of Safe4 being used to handle highly personal health information, primarily related to Covid testing. The flexibility and security of Safe4 make it an ideal solution to the problem of providing patients with critical medical information rapidly and safely, without risking the use of open email.

Safe4 also recorded another milestone in July, with over 150,000 users being registered in the system. These users enjoy highly secure access to information, whether for personal or business use. Safe4 stores all information in the system in UK-only data centres, accredited to ISO 27001.

If you would like more information on how Safe4 can help to improve the security of movement and storage of critical information, please contact us. We will be delighted to assist.

Screen4 partners with Safe4 for Covid-19 Testing

Screen4, one of the UK’s leading providers of health screening services, has partnered with Safe4 and S4Encrypt to help to automate the processing of Covid-19 tests purchased from its website.

As one of the world’s top drug and alcohol screening services for the travel sector, with operations in 140 locations across 40 countries, Screen4 was well placed to offer Covid-19 testing facilities when the pandemic started to have an impact in the UK. From its Barnsley, Yorkshire, premises it can process in excess of 3,000 Covid-19 tests per day, in conjunction with Oncologica, a testing laboratory based in Cambridge.

Contact began in June 2020

The first contact between S4Encrypt, Safe4's sister company, and Screen4 took place on 23 June 2020, by which time the UK was in a state of lockdown and reeling from the effects of the Coronavirus. This quickly led to technical discussions between Safe4 and the technology partners of Screen4, with the intention of integrating the process for receiving orders for Covid-19 tests with the use of the Safe4 vault as a means of delivering the test result to the end customer.

Alistair Stubbs, Safe4 CTO, came up with a solution design based on the use of the system’s existing capabilities in conjunction with a new Safe4 object type – the Event. This allowed each individual test – the Safe4 Event – to be associated with one or more customers who would each become users of the system.

How the Covid-19 testing process works

The primary requirement arose from the close association that Screen4 had built up with the travel sector, and focused on the need for pre-travel testing. Many countries had determined that before anyone would be permitted to enter from abroad, the passenger would have to provide evidence of a negative PCR test for Covid-19.

Several airlines, including TUI, Virgin Atlantic and Qantas, as well as P&O Ferries, now direct passengers buying travel tickets to the Screen4 website, where Covid-19 PCR tests can be purchased. These include both self-administered and clinician-collected tests. The Screen4 internal systems then send data to Safe4 through the API, triggering the creation of a vault and an invitation for the traveler to create a user account.

After confirmation of the test, including time and location in the case of clinician-collected tests, the user is prompted to use their vault to record the barcode on the sample vial that is used to carry the PCR swab to the laboratory in Cambridge. This unique code also captures the precise time and date of entering the barcode, essential for the calculation of the pre-flight hours for the destination country: either 48 or 72 hours. After analysis of the samples by the laboratory the test results are transferred automatically to each individual’s vault. Safe4 then notifies the traveler that the result is available and produces a PDF certificate confirming the traveler’s details and the test result, which can be shown both on departure and arrival to satisfy the requirements of the destination country.

The e-wallet and the QR Code

In addition to the certificate, which can be downloaded to a computer or a smartphone, Safe4 also creates a pass that can be added to the e-wallet on most modern phones. Both the certificate and the pass carry a QR code that, when scanned, displays a page from the secure Safe4 website allowing independent verification of the test result.

The way forward

Safe4, S4Encrypt and Screen4 are looking at enhancements of the service to include different types of test, as well as exploring the capability of the solution to capture evidence of a vaccination. This can be linked with an identity verification function that will capture a photograph of the individual, for additional validation of the traveler and the test or vaccination status. This Immunity Passport facility will help the travel industry to start to resume pre-pandemic levels of activity.

David Grouse, Managing Director of Screen4, believes that the association with S4Encrypt and the use of the Safe4 vault can help to achieve higher volumes and faster customer service. David believes that “the addition of the vault capability to deliver Covid-19 test results rapidly to our customers is helping us to streamline our operations and increase throughput, as well as bringing the result to the travelling customer more quickly and securely.”

Ben Martin, director of both Safe4 and S4Encrypt, is delighted with the progress that has been made. He feels that “working closely with Screen4 has been a very productive process for us. We are conscious of the importance of handling the Covid-19 test process as quickly and efficiently as possible, bearing in mind the health consequences for the customer and the need to get our economy functioning again quickly. Using the system as an irrefutable means of proving vaccination status in the future will also help all of us to move towards an end to the disruption that everyone has suffered during the pandemic.”

The high level of security provided by the Safe4 vault is crucial to ensure that the personal health data being handled throughout the process is managed as safely as possible. Safe4 complies fully with the UK Data Protection Act 2018, incorporating the European GDPR. All the information captured in the service is held in UK-only data centres accredited to ISO 27001.

For more information, please contact us. We will be delighted to hear from you.

Safe4 completes development of Covid-19 Testing application

The challenge

The Covid-19 pandemic has challenged many businesses globally by making it extremely difficult for their workers to carry out their duties normally. Whilst many organisations have been able to function by assisting staff to work from home, there are many for whom physical attendance in a specific workplace is essential – construction, property maintenance, care for the elderly, retail, hospitality, to name but a few. In order to help such organisations deploy their workforce with minimum risk to health, we have completed the development of the Safe4 Covid-19 Testing application.

The solution

The application developed by Safe4 is based on 5 key elements:

  • The creation of a secure vault in which each individual’s identity and test result data can be held
  • Biometric identity verification using smartphone technology to ensure that the people involved are who they say they are
  • Facilitating an on-site Covid-19 antibody or PCR antigen test using a world-leading testing partner and PHE and MHRA approved laboratories and testing processes
  • Capturing the test result in the individual’s personal vault and providing a facility for this to be downloaded as a pass to a smartphone, so that it can be shown in a wallet bearing a QR code
  • The ability to present a landing page direct from the secure Safe4 site when the QR code is scanned, to allow the individual to be verified visually

The pass in the smartphone wallet presents the individual’s test result. When the QR code is scanned, the landing page allows both the identity of the individual and the test result to be verified visually.

Safe4Work

The service is aimed primarily at organisations with more than 20 employees, although it can accommodate businesses of any scale.

All of the data captured in this process is held in secure UK-based data centres accredited to ISO 27001, and is managed in accordance with well-established Safe4 standards, offering class-leading security and availability.

Please contact us if you would like any further information on how the Safe4 Covid-19 testing application can assist your organisation to get its staff back to work safely.

More news about leaks of highly sensitive information

There are now virtually daily examples in the media of how leaks of highly sensitive information are occurring, often due to human error or misbehaviour, but also due to lack of security in poorly designed or managed systems. A current article in the media today highlights a glaring example of this – click here for more information.

Safe4 was designed with security at the core

The fundamental design of Safe4 is based around the use of secure vaults, into which information can be placed by the provider of the service, such as a professional practitioner or an employer, and the individual users who have been given access to that specific vault. Information cannot “leak” in the way that seems to be occurring regularly in other systems.

Even if a hacker were to break into the “back door” of Safe4, without using one of the normal user interfaces, nothing can be inferred due to the way that the data is obfuscated and encrypted. The secure vault design underpins this, so that each vault becomes a completely discrete storage space for information in structured form (in columns and rows, similar to spreadsheets and simple databases) or unstructured form (document files).

Regulatory compliance

Safe4 complies with a number of regulatory frameworks by virtue of the fact that all stored information is encrypted, everything is held in UK-based data centres that comply with ISO 27001, 2-factor authentication is provided, and a full audit trail of all user actions is maintained. In effect, it is the ideal solution for the storage and management of highly sensitive information.

Please contact us if you would like more information on how Safe4 can help your organisation to enhance compliance, reduce costs, and improve client service.

Confusion reigns regarding responsibility for data protection compliance

A recent survey suggests that there is still a good deal of confusion regarding responsibility for data protection compliance. Given that the UK adopted the EU GDPR into the Data Protection Act in May 2018, this reflects the general lack of awareness among many organisations today.

This survey also indicates a lack of clarity over whether cloud-based information management services offer better or worse protection than traditional on-premise storage. The answer of course is that the level of security and therefore protection depends on which cloud service provider is involved. Safe4 has an unblemished record of secure service provision, with an availability record very close to 100%. Not all cloud service providers can offer this.

Safe4 has also clarified the different roles and responsibilities relating to data protection in their Data Protection Policy – click here for more details. Safe4 does not claim ownership of any data that is stored within its system, and thus acts as the Data Processor. Customers own their data and have responsibility for any information that is placed in Safe4, and therefore are Data Controllers.

Adding to the benefit of using Safe4 for information storage is the fact that Safe4 only uses UK-based hosting services accredited to ISO 27001. Together with enhanced password strength management and 2-factor authentication, Safe4 provides a platform for its customers to be confident that the system will support their own Data Protection compliance programme. No cloud service provider can make its customers compliant with the Act, however – ultimate responsibility lies with the Data Controller to ensure that their own information security policies and practices are enforced. The vast majority of data security breaches are caused by human error or poorly trained employees.

For more information on how Safe4 can assist your data protection compliance programme, please contact us.