More good news for Safe4 customers – outstanding availability record
Safe4 has achieved outstanding availability in the last 7 months. Since 1 October 2017 the highly secure information delivery and storage service has achieved 100% uptime, with not a single second lost through system outages of any kind. This represents a stark contrast with other cloud-based information management services, many of which report outages almost weekly. Availability of the Safe4 service is monitored independently, and reported on every month.
This outstanding availability record for Safe4 underlines the quality of service that is the basis of the way the system functions. During the period from 1 October 2017 to date, Safe4 has undergone 4 major upgrades, none of which interrupted access to the system. This process of enhancement included the changes associated with enabling Safe4 to support customers’ GDPR compliance programmes, many of which went deep into the core of the software.
Safe4 delivers value
An exceptional level of availability is just one of the significant benefits that Safe4 offers. Safe4 has been independently assessed among the most secure 0.8% of sites on the internet, out of millions tested. Other benefits include automated upload notifications, comprehensive audit trails and reporting facilities, and UK hosting in ISO 27001-accredited data centres. Extensive customer branding and white labeling, granular permission and content controls as well as a unique and flexible architecture allow Safe4 customers to derive a wide range of financial and operational benefits.
Maintaining a strong commitment to a high quality of customer service is one of the key objectives of Safe4, together with providing class-leading levels of security. For more information on how Safe4 can provide benefits for your business, please get in touch with us. We will be delighted to assist you.
Safe4 releases version 5.10 to address GDPR compliance requirements
The General Data Protection Regulation becomes law across the EU on 25 May this year, and in order to assist our customers to ensure that they are compliant with the regulation we have introduced some system changes to the core Safe4 service. These changes are in fact part of a work-in-progress, since there are still some areas of uncertainty in the way that GDPR is expressed. The system modifications at this stage address the basic requirements of GDPR compliance, and will be built upon as greater clarity emerges.
As the Data Processor under data protection legislation, Safe4 makes use of a number of constructs, described within the system as providers and vaults. The new release, designated as version 5.10, allows these to be completely deleted, with all of their data content being irreversibly removed. The ability to perform such deletions will be granted to customers, the Data Controllers, at system administrator level only, and any actions of this sort will be carried out after several warnings have been given and responded to.
Users can also be deleted by Data Controllers. Safe4 permits users to have access to multiple providers and vaults, and consequently the removal of a user from a particular vault will not affect their access to any others.
However, because Safe4 is a system of record, the audit trails relating to the existence of providers, vaults and users will be retained. For example, the record of a user account’s existence will be retained as a basic “stub”, so that the integrity of audit trails can be maintained. Activity while a user was a member of a Safe4 vault will thus be available for evidential purposes in future, while any personal information that was stored about that person will be deleted.
The full range of reporting options will be developed over time as the specific needs of customers are established, and as aspects of GDPR compliance are clarified both by the Information Commissioner’s Office and by case law.
An additional function that will be made available to the Data Controller immediately will be the ability to respond to Subject Access Requests. The Safe4 administrator will be able to generate a Subject Access Request report at the touch of a button. This will create a PDF document that can be provided externally if required, or stored as a record within Safe4.
As always, we at Safe4 consider the secure handling of customers’ information to be our highest priority. This approach will continue, and will be extended as necessary through working closely with Data Controllers to ensure that their GDPR compliance obligations are being met.
For more information on how Safe4 can support your GDPR compliance programme, please contact us. We will be very pleased to assist. General information on GDPR can be obtained from the UK Information Commissioner’s Office.
Insecure email communication still causing huge losses through fraud
Recent news has highlighted once again the risks caused by using insecure email communication to transfer confidential information, as this article shows.
The effect of online theft is clearly devastating for those that have had their money stolen – in many cases these losses represent life savings and cannot be recovered. Criminals posing as conveyancing solicitors, or alternatively hacking into private email accounts and falsifying bank account details so that the conveyancer transfers the proceeds from the sale of a property into a criminal’s account have become much more frequent in recent years.
To allow conveyancers to be confident that they are transferring funds into the correct account, Safe4 are offering the use of their highly secure information transfer service, into which clients or indeed any other party can enter bank details directly into designated fields. This completely eliminates the risks posed by using insecure email communication to transfer this information. It is not only email that is insecure – hard copy post and voice communication also carry risks of their own.
Safe4 are also working with other organisations that have to transfer funds into a client account at the completion of a transaction. These include art galleries, auction houses, and others who may be selling assets on a client’s behalf.
In addition to the storage of all data in UK-only data centres accredited to ISO 27001, Safe4 have just completed another penetration test carried by an independent UK Government accredited agency. Again this has confirmed the high levels of security offered by using Safe4 as the means of transferring confidential information between parties that are involved in high-value transactions. Compliance with the SRA guidelines for cloud computing gives conveyancers additional confidence that information is being transferred between parties with minimum risk.
For more information on how Safe4 can help your organisation to improve the protection of clients’ money, please contact us.
Charities are exposed to serious risk when documents are lost
Proper management of sensitive records can be challenging, but when the documents in question relate to vulnerable individuals who are receiving care from charities or local authorities, the consequences of information falling into the wrong hands can be very damaging. Recent cases of paper documents being lost highlight this risk.
The impending arrival of GDPR will of course impose far more severe penalties than have hitherto been possible under current data protection legislation. Among the organisations most exposed to such potential penalties are small-to-medium charities, who in many cases handle highly sensitive information about individuals. Such charities are generally staffed by dedicated and highly competent volunteers, but often they lack the experience or resources to implement processes or systems that give proper protection to the information they handle.
Converting paper documents into electronic records can be difficult, particularly if volumes are large and the documents them selves are not in good condition. However, electronic systems do provider much tighter control of information, and also provide a host of other benefits including speed of retrieval and access while away from the office or filing cabinet.
Among the key benefits of applying a highly secure electronic system such as Safe4 to the management of confidential information is that it will not only eliminate or reduce the risk of document loss, but will permit the organisation in question to achieve and maintain compliance with GDPR. This could prove to be a key safeguard in the coming years when some of the UK’s most high-profile charities have suffered enormous reputational damage and are now seeing the cancellation of direct debit donations doubling in recent weeks. Maintaining the highest possible standards in record-keeping and information management will be a valuable means for the charity to protect their most valuable asset – their donor subscribers, who provide the majority of funds to support the important work that charities carry out to assist the members of our society who are most in need of help.
In conjunction with a number of partners, Safe4 Information Management is launching an initiative to offer the charitable sector solutions that will help them not only protect their information to the highest possible standard, but also to reduce costs and improve the efficiency of their operations. Further details of this initiative will be published in the coming months, as GDPR approaches.
If you like to know more about how Safe4 can help your organisation to enhance the secure management of confidential records, please get in touch with us.
Version 5.04 of Safe4 is released
Safe4 have released version 5.04 of the secure information delivery and storage service. This release includes a significant number of internal enhancements, and will assist with the administration and management of the service.
Users will notice changes in the way that reports and messages are handled and displayed, with more flexible options for listing and presentation. The method of PIN management has also been updated, as has the user invitation process. Further changes are in the pipeline to address the requirements of GDPR, which becomes law on 25 May 2018. It is anticipated that Safe4 will be GDPR-ready by the end of the first quarter of 2018, to ensure that customers will be fully supported in their own GDPR compliance programmes.
For more information on how Safe4 can assist your organisation to handle confidential information more securely and efficiently, as well as helping with your own GDPR compliance, please get in touch with us.
Virus checker issues led to intermittent upload failures for Safe4
At around 9:30 GMT on Friday 26 January 2018 the Safe4 system began to experience intermittent failures when uploading files. This was displayed to users as a “rejected” message in the web user interface or an error message if using the Safe4 API.
Investigation showed that the issue was caused by an intermittent failure of the virus scanner that is used to check every file uploaded to the system. This was traced to an error in the virus signature files used by the virus checker – the updated signature files relied on a capability in the core virus software that had not yet been released. The root cause was therefore configuration control by the provider of the virus software.
Once the problem was identified by the virus team an updated set of signature files was released. Normal service of Safe4 was restored by approximately 3:30 GMT on Friday 26 January 2018.
The virus vendor has advised that they are reviewing their release processes to ensure that this situation does not recur.
All of the other functions of Safe4 were unaffected by this problem, and consequently no other activities suffered any disruption.
We would like to apologise for the inconvenience that this issue caused to our customers, and for their clients and associates.
Slow progress for GDPR across Europe
Most EU member states are not making much progress towards preparing their own legislative position for the effective date of the General Data Protection Regulation on 25 May this year, according to an article published today. As many UK businesses are aware, the Information Commissioner’s Office has been issuing guidance and warnings on GDPR for quite some time, but as yet response across many sectors has been patchy.
We at Safe4 have already started the process of making our highly secure information delivery and storage service GDPR-ready, so that our customers can use the system with confidence, knowing that their own compliance programmes will be strongly supported. This will involve relatively minor changes to the system, and our plan is to have these adjustments ready for deployment by the end of March 2018, well in advance of the date when the Regulation comes into force.
For more information on how Safe4 can help your business to become GDPR compliant, please contact us.
Safe4 version 5.03 is released into production
The ongoing development of the Safe4 secure information management service continues, with version 5.03 being announced and available for use today.
In addition to a series of internal enhancements, the new release now offers customers the ability to manage users through a single console interface. Safe4 customers have increasingly found it useful to offer their services through multiple provider accounts, in order to allow differential branding and nomenclature to reflect the specific business application in question. Users have hitherto been added to new vaults and provider accounts through an invitation process. This will continue for new users, but those who already have a Safe4 account can now be added to additional vaults and providers through a new interface available to the system administrator. Similarly, removal of user accounts can now be accomplished very rapidly without having to enter each vault to which they had access.
There are many other system developments in the Safe4 product pipeline. If you would like any further information, please get in touch with us.
GDPR compliance – what will it mean for you?
Most of us now are receiving a barrage of email relating to the need for GDPR compliance in our inboxes. Consultants, assessors, seminar organisers, and a host of others are trying to get our attention in advance of the date when the General Data Protection Regulation comes into force in May this year.
Some of this communication is helpful, but the majority seems to be opportunistic. It is refreshing to come across a realistic and well-considered article that highlights the simple facts about GDPR – there is no magical solution to make any organisation compliant, just the realisation that the only effective approach lies in a thorough review of the information that is being used, who uses it, how it is managed and transmitted, and what protection measures have been taken to safeguard it.
Safe4 can help to support GDPR compliance
Every organisation, of any size or structure, will have to make sure that its information management house is in order to become compliant with GDPR. No IT system can perform this service, but a compliance programme will be more successful if it is underwritten by applying technology that allows the necessary processes to be properly implemented. We at Safe4 are making some minor changes to the way the system works to make sure that it will offer full support for GDPR. But the responsibility for achieving compliance will still lie with the organisation itself, and how it manages its own activities.
We will be publishing further information about the changes that the Safe4 system will undergo in the coming months. The basic design and architecture of Safe4, as well as other factors including UK-only storage in ISO 27001-accredited data centres, full encryption of data, no reliance on email to carry confidential information, a full audit trail of all activity, and contractual arrangements under English law already provide an effective platform for ensuring best practice in the management of information.
For more information on how using Safe4 can assist your organisation to comply with GDPR, please contact us.