Safe4 passes 100,000 users

/in , , ,

User numbers in Safe4 have been growing steadily over the years, and a significant milestone has been reached in April 2021. Safe4 now has more than 100,000 users, each of which is able to enjoy the benefits of highly secure cloud-based storage and management of confidential information.

Initial usage of Safe4 was concentrated primarily in commercial and corporate applications. Recent trends, however, have seen the system becoming increasingly used as a secure personal vault, holding information on behalf of private individuals who are clients of service providers in different sectors. These range from clients of international banks to patients of health testing and screening companies. Integration of the Safe4 vault into other business applications using the system’s restful API has provided many users with a convenient and safe facility for holding their personal information.

Full compliance with the UK Data Protection Act, following the introduction of the European GDPR in 2018, gives customers and their clients additional comfort and protection, as does the knowledge that Safe4 uses UK-only data centres accredited to ISO 27001.

For further information on how using Safe4 can potentially add value to your business, please contact us. We will be delighted to hear from you.

Screen4 partners with Safe4 for Covid-19 Testing

/in , ,

Screen4, one of the UK’s leading providers of health screening services, has partnered with Safe4 and S4Encrypt to help to automate the processing of Covid-19 tests purchased from its website.

As one of the world’s top drug and alcohol screening services for the travel sector, with operations in 140 locations across 40 countries, Screen4 was well placed to offer Covid-19 testing facilities when the pandemic started to have an impact in the UK. From its Barnsley, Yorkshire, premises it can process in excess of 3,000 Covid-19 tests per day, in conjunction with Oncologica, a testing laboratory based in Cambridge.

Contact began in June 2020

The first contact between S4Encrypt, Safe4 sister company, and Screen4 took place on 23 June 2020, by which time the UK was in a state of lockdown and reeling from the effects of the Coronavirus. This quickly led to technical discussions between Safe4 and the technology partners of Screen4, with the intention of integrating the process for receiving orders for Covid-19 tests with the use of the Safe4 vault as a means of delivering the test result to the end customer.

Alistair Stubbs, Safe4 CTO, came up with a solution design based on the use of the system’s existing capabilities in conjunction with a new Safe4 object type – the Event. This allowed each individual test – the Safe4 Event – to be associated with one or more customers who would each become users of the system.

How the Covid-19 testing process works

The primary requirement arose from the close association that Screen4 had built up with the travel sector, and focused on the need for pre-travel testing. Many countries had determined that before anyone would be permitted to enter from abroad, the passenger would have to provide evidence of a negative PCR test for Covid-19.

Several airlines, including TUI, Virgin Atlantic and Qantas, as well as P&O Ferries, now direct passengers buying travel tickets to the Screen4 website, where Covid-19 PCR tests can be purchased. These include both self-administered and clinician-collected tests. The Screen4 internal systems then send data to Safe4 through the API, triggering the creation of a vault and an invitation for the traveler to create a user account.

After confirmation of the test, including time and location in the case of clinician-collected tests, the user is prompted to use their vault to record the barcode on the sample vial that is used to carry the PCR swab to the laboratory in Cambridge. This unique code also captures the precise time and date of entering the barcode, essential for the calculation of the pre-flight hours for the destination country: either 48 or 72 hours. After analysis of the samples by the laboratory the test results are transferred automatically to each individual’s vault. Safe4 then notifies the traveler that the result is available and produces a PDF certificate confirming the traveler’s details and the test result, which can be shown both on departure and arrival to satisfy the requirements of the destination country.

The e-wallet and the QR Code

In addition to the certificate, which can be downloaded to a computer or a smartphone, Safe4 also creates a pass that can be added to the e-wallet on most modern phones. Both the certificate and the pass carry a QR code that, when scanned, displays a page from the secure Safe4 website allowing independent verification of the test result.

The way forward

Safe4, S4Encrypt and Screen4 are looking at enhancements of the service to include different types of test, as well as exploring the capability of the solution to capture evidence of a vaccination. This can be linked with an identity verification function that will capture a photograph of the individual, for additional validation of the traveler and the test or vaccination status. This Immunity Passport facility will help the travel industry to start to resume pre-pandemic levels of activity.

David Grouse, Managing Director of Screen4, believes that the association with S4Encrypt and the use of the Safe4 vault can help to achieve higher volumes and faster customer service. David believes that “the addition of the vault capability to deliver Covid-19 test results rapidly to our customers is helping us to streamline our operations and increase throughput, as well as bringing the result to the travelling customer more quickly and securely.”

Ben Martin, director of both Safe4 and S4Encrypt, is delighted with the progress that has been made. He feels that “working closely with Screen4 has been a very productive process for us. We are conscious of the importance of handling the Covid-19 test process as quickly and efficiently as possible, bearing in mind the health consequences for the customer and the need to get our economy functioning again quickly. Using the system as an irrefutable means of proving vaccination status in the future will also help all of us to move towards an end to the disruption that everyone has suffered during the pandemic.”

The high level of security provided by the Safe4 vault is crucial to ensure that the personal health data being handled throughout the process is managed as safely as possible. Safe4 complies fully with the UK Data Protection Act 2018, incorporating the European GDPR. All the information captured in the service is held in UK-only data centres accredited to ISO 27001.

For more information, please contact us. We will be delighted to hear from you.

Safe4 completes development of Covid-19 Testing application

/in , , ,

The challenge

The Covid-19 pandemic has challenged many businesses globally by making it extremely difficult for their workers to carry out their duties normally. Whilst many organisations have been able to function by assisting staff to work from home, there are many for whom physical attendance in a specific workplace is essential – construction, property maintenance, care for the elderly, retail, hospitality, to name but a few. In order to help such organisations deploy their workforce with minimum risk to health, we have completed the development of the Safe4 Covid-19 Testing application.

The solution

The application developed by Safe4 is based on 5 key elements:

  • The creation of a secure vault in which each individual’s identity and test result data can be held
  • Biometric identity verification using smartphone technology to ensure that the people involved are who they say they are
  • Facilitating an on-site Covid-19 antibody or PCR antigen test using a world-leading testing partner and PHE and MHRA approved laboratories and testing processes
  • Capturing the test result in the individual’s personal vault and providing a facility for this to be downloaded as a pass to a smartphone, so that it can be shown in a wallet bearing a QR code
  • The ability to present a landing page direct from the secure Safe4 site when the QR code is scanned, to allow the individual to be verified visually

The pass in the smartphone wallet presents the individual’s test result. When the QR code is scanned, the landing page allows both the identity of the individual and the test result to be verified visually.

Safe4Work

The service is aimed primarily at organisations with more than 20 employees, although it can accommodate businesses of any scale.

All of the data captured in this process is held in secure UK-based data centres accredited to ISO 27001, and is managed in accordance with well-established Safe4 standards, offering class-leading security and availability.

Please contact us if you would like any further information on how the Safe4 Covid-19 testing application can assist your organisation to get its staff back to work safely.

More news about leaks of highly sensitive information

/in , ,

There are now virtually daily examples in the media of how leaks of highly sensitive information are occurring, often due to human error or misbehaviour, but also due to lack of security in poorly designed or managed systems. A current article in the media today highlights a glaring example of this – click here for more information.

Safe4 was designed with security at the core

The fundamental design of Safe4 is based around the use of secure vaults, into which information can be placed by the provider of the service, such as a professional practitioner or an employer, and the individual users who have been given access to that specific vault. Information cannot “leak” in the way that seems to be occurring regularly in other systems.

Even if a hacker were to break in to the “back door” of Safe4, without using one of the normal user interfaces, nothing can be inferred due to the way that the data is obfuscated and encrypted. The secure vault design underpins this, so that each vault becomes a completely discrete storage space for information in structured form (in columns and rows, similar to spreadsheets and simple databases) or unstructured form (document files).

Regulatory compliance

Safe4 complies with a number of regulatory frameworks by virtue of the fact that all stored information is encrypted, everything is held in UK-based data centres that comply with ISO 27001, 2-factor authentication, and a full audit trail of all user actions is maintained. The ideal solution for the storage and management of highly sensitive information, in effect.

Please contact us if you would like more information on how Safe4 can help your organisation to enhance compliance, reduce costs, and improve client service.

Payment fraud using email – it’s completely avoidable

/in , , ,

Payment fraud is a constant risk

Occurrences of payment fraud using email are continuing to hit the headlines, and it is something that can be avoided completely. The risk of using email for communication of confidential information has been evident for some years, as highlighted by this post on the Safe4 website last year.

Sending invoices by email, particularly for large sums of money, is fraught with risk. Even communicating via email regarding financial transactions can risk significant losses – as highlighted in the media today. Both supplier and customer can be victims of this type of fraud.

Personal or financial information – don’t use email

It is not just using email for communicating financial information that can lead to unnecessary risks. Personal data can also be misused if is transferred between organisations by email. The potential for theft of highly personal information is something that HR consultants face constantly, as illustrated on this website in April this year.

There is a solution

For a number of years Safe4 have been delivering invoices by uploading them into a secure vault dedicated to each customer. Only the designated users of each vault are able to access the document, and there is a comprehensive audit trail of all activity so that the supplier can be sure that the invoice has been received by the customer – and nobody else.

Options for ad-hoc sharing of confidential information have been identified by Safe4 partners OPTSM, as explained on their website. The simple rule – if you need to communicate sensitive financial or personal information, don’t use email – use SafeShare, the approach they are offering. This is based on the ability to create a Safe4 vault and invite a user in a few seconds, thus making sure that the data being shared gets to the right person immediately and with no risk of intrusion.

If you would like more information on how to avoid the risk of financial payment fraud or loss of sensitive personal data, please get in touch. We will be delighted to help.

HR Consultants are benefiting from using Safe4

/in , ,

HR Consultants no longer have to worry about the safety and security of communications with their clients

Safe4 Channel Development Director

Paul Stallard

 

HR Consultants are benefiting from using Safe4. Paul Stallard, Channel Development Director of Safe4, has stressed that by its very nature the information that is passed between HR consultants and their clients, particularly employee information, is extremely confidential. Of course, it is covered explicitly by the UK Data Protection Act of 2018, which has embraced the European General Data Protection Regulation. However, the loss or improper use of personally-identifiable information can lead to massive penalties and serious reputational damage.

 

Safe4 provides a highly secure online vault for HR Consultants to share and store confidential information. With over 48,000 users Safe4 is a well-established platform that provides a range of benefits:-

  • Complete confidentiality – Safe4 has been designed to be secure from first principles
  • A secure vault is set up for each client or employee of the principal client. There is no possibility of any unauthorised access to information – only specifically-invited and authorised parties can access the vault
  • All data is stored in the UK
  • A comprehensive audit trail captures records of all user activity
  • No information is actually sent by email. Whilst so-called “secure” email services might be able to transfer information safely between parties, they do not manage any documents or data throughout the life of a consultant / client relationship, or indeed of a client / employee relationship – Safe4 does
  • The Safe4 asset register allows information to be held as structured data and displayed in columns and rows similar to a spreadsheet or simple database. This is a highly secure and efficient way to hold specific details about an individual, allowing such confidential data as National Insurance numbers, bank details, and general personal information to be entered directly into fields online, as opposed to having to include them within a document
  • Automatic notification of any new upload, whether of a document or a data record
  • Signing documents online – this can cover service agreements between consultant and client, as well as contracts of employment for the clients’ staff. The Safe4 document signing facility is accepted by both HMRC and Companies House in the UK
  • The Safe4 compliance framework can be used as a means of sharing policy and procedure documents with staff, and can also provide confirmation that these documents have been read and understood

In short, the implementation of this approach can allow HR Consultants to furnish their clients with confidential information in a completely secure way, and can also be extended to allow the Consultant’s client companies to manage the information they handle on behalf of their own staff.

For more information on how HR Consultants are benefiting from using Safe4, please contact us. We will be delighted to share with you some of the success stories achieved so far.

Safe4 version 6.1 is released – managing large file uploads safely

/in , , ,

Alistair Stubbs

 

The release of Safe4 version 6.1 represents a significant move forward. The task of managing large file uploads safely has proved to be a considerable challenge, but members of the Safe4 development team, led by Alistair Stubbs and Darren Hamilton, have completely overhauled the upload function within the system to make it more secure and much more robust.

File size limit is increased to 2 gb

Safe4 can now accept uploads of up to 2 gb per individual file. Safe4 does not function in the same way as an FTP site by simply transferring files from one location to another, but processes files by checking for viruses and applying industry-leading encryption. Security policies are also enforced through whitelist and blacklist checking, as well as scanning for protective markings and rejecting the upload of password-protected files when appropriate settings are applied. This comprehensive content checking also extends to ZIP files, nested to an arbitrary level. Updating comprehensive audit trails enables the system to maintain a full record of all user activity.

The enhanced upload process now manages a series of queues, so that if network connections are broken, or hardware failure occurs in the server environment, uploads will still be completed without further user intervention.

Opportunities for new applications

The increase in the file size limit opens up new areas of opportunity for the application of Safe4. Capture of PST files from email systems is one area that is of great interest to law firms, who may need to store very large files as records of projects or cases. Medical requirements can also be addressed; video files generated by endoscope examinations are frequently very large, and can now be handled within the context of patient records.

Please contact us if you would like any further information on how Safe4 can be used within your organisation – we will be delighted to assist you.

March 2020 sees the millionth upload to Safe4

/in , ,

This month has seen the millionth upload to Safe4. The number of uploads to Safe4 had already eclipsed the previous monthly record before we reached the middle of March, reflecting the dramatic changes in working practices caused by the rapid spread of the Coronavirus in the United Kingdom.

When a pandemic such as Covid-19 has such an enormous impact on the way organisations operate, the need for rapid and safe communication is paramount. Safe4 has assisted a number of customers to set up new channels of communication so that interaction with staff who are working from home is made easier and more effective.

The availability of cloud-based services and resources has had a profound impact on our ability to withstand the effects of the Covid-19 pandemic. Business resilience is greatly improved, and although the UK economy will undoubtedly be severely disrupted during this period, we will maintain a greater semblance of normality than would have been the case several decades ago.

If you would like more information on how Safe4 can assist your organisation to deal with the effects of major disruptive events, please contact us.

Confusion reigns regarding responsibility for data protection compliance

/in , , ,

A recent survey suggests that there is still a good deal of confusion regarding responsibility for data protection compliance. Given that the UK adopted the EU GDPR into the Data Protection Act in May 2018, this reflects the general lack of awareness among many organisations today.

This survey also indicates a lack of clarity over whether cloud-based information management services offer better or worse protection that traditional on-premise storage. The answer of course is that the level of security and therefore protection depends on which cloud service provider is involved. Safe4 has an unblemished record of secure service provision, with an availability record very close to 100%. Not all cloud service providers can offer this.

Safe4 has also clarified the different roles and responsibilities relating to data protection in their Data Protection Policy – click here for more details. Safe4 does not claim ownership of any data that is stored within its system, and thus acts as the Data Processor. Customers own their data and have responsibility for any information that is placed in Safe4, and therefore are Data Controllers.

Adding to the benefit of using Safe4 for information storage is the fact that Safe4 only uses UK-based hosting services accredited to ISO 27001. Together with enhanced password strength management and 2-factor authentication, Safe4 provides a platform for its customers to be confident that the system will support their own Data Protection compliance programme. No cloud service provider can make its customers compliant with the Act however – ultimate responsibility lies with the Data Controller to ensure that their own information security policies and practices are enforced. The vast majority of data security breaches are caused by human error or poorly trained employees.

For more information on how Safe4 can assist your data protection compliance programme, please contact us.

Enhanced user management as Safe4 version 6.03 is released

/in , , ,

The release of Safe4 version 6.03 sees an upgrade in the way that vault users can be managed. It is now possible for vault users to be given specific permission to issue invitations to those with whom they wish to share their own vault. Hitherto the issuing of user invitations has been restricted to provider users. This enhanced user management will support the implementation of Safe4 in a number of particular application scenarios, principally in situations where a vault user wishes to share their inheritance vault or life vault with a member of the family, for example.

As before, the ability to alter permission settings on folders and user accounts remains under the control of provider users. Invitations issued by vault users will carry by default a read-only security group setting, thus preventing any potentially unwanted addition or removal of documents or data in the vault by the invited user.

Safe4 version 6.03 also incorporates a number of server-side enhancements to security and performance, to ensure that the system remains among the safest and most reliable on the internet.

Please contact us if you would like more detail on this release, or for general information on how the implementation of Safe4 can bring benefits to your business.