Tag Archive for: GDPR

Safe4 has passed 250,000 users

In April 2022 Safe4 reached the quarter-of-a-million user mark. The fact that Safe4 has passed 250,000 users is significant in many ways – not least because it demonstrates the stability and reliability of the system.

The principal benefit that Safe4 brings is, of course, security. Many of the users who have created accounts in Safe4 have received vital health information through their vault, and can rest assured that their confidential personal data has not been compromised by being sent using open email. The ability to offer the highest standard of protection of personal data distinguishes Safe4 from many other systems that have been used to handle the result of Covid-19 tests, for example.

Safe4 offers the same security benefit for corporate and small business users, and is now being used extensively by many professional practitioners and service providers to manage a wide range of information safely and securely.

For more information on how Safe4 can assist your organisation to reduce costs, improve compliance and enhance client service, please contact us. Safe4 utilises UK-only data centres accredited to ISO 27001, and has been designed from first principles to maximise security and confidentiality.

Safe4 passes 100,000 users

User numbers in Safe4 have been growing steadily over the years, and a significant milestone was reached in April 2021. Safe4 now has more than 100,000 users, each of whom is able to enjoy the benefits of highly secure cloud-based storage and management of confidential information.

Initial usage of Safe4 was concentrated primarily in commercial and corporate applications. Recent trends, however, have seen the system increasingly used as a secure personal vault, holding information on behalf of private individuals who are clients of service providers in different sectors. These range from clients of international banks to patients of health testing and screening companies. Integration of the Safe4 vault into other business applications using the system’s RESTful API has provided many users with a convenient and safe facility for holding their personal information.

Full compliance with the UK Data Protection Act, following the introduction of the European GDPR in 2018, gives customers and their clients additional comfort and protection, as does the knowledge that Safe4 uses UK-only data centres accredited to ISO 27001.

For further information on how using Safe4 can potentially add value to your business, please contact us. We will be delighted to hear from you.

More news about leaks of highly sensitive information

There are now virtually daily examples in the media of leaks of highly sensitive information, often due to human error or misbehaviour, but also due to lack of security in poorly designed or managed systems. An article in the media today highlights a glaring example of this – click here for more information.

Safe4 was designed with security at the core

The fundamental design of Safe4 is based around the use of secure vaults, into which information can be placed by the provider of the service, such as a professional practitioner or an employer, and the individual users who have been given access to that specific vault. Information cannot “leak” in the way that seems to be occurring regularly in other systems.

Even if a hacker were to break into the “back door” of Safe4, without using one of the normal user interfaces, nothing can be inferred due to the way that the data is obfuscated and encrypted. The secure vault design underpins this, so that each vault becomes a completely discrete storage space for information in structured form (in columns and rows, similar to spreadsheets and simple databases) or unstructured form (document files).

Regulatory compliance

Safe4 complies with a number of regulatory frameworks by virtue of the fact that all stored information is encrypted, everything is held in UK-based data centres that comply with ISO 27001, 2-factor authentication is supported, and a full audit trail of all user actions is maintained. In effect, it is the ideal solution for the storage and management of highly sensitive information.

Please contact us if you would like more information on how Safe4 can help your organisation to enhance compliance, reduce costs, and improve client service.

HR Consultants are benefiting from using Safe4

HR Consultants no longer have to worry about the safety and security of communications with their clients

Safe4 Channel Development Director

Paul Stallard

HR Consultants are benefiting from using Safe4. Paul Stallard, Channel Development Director of Safe4, has stressed that by its very nature the information that is passed between HR consultants and their clients, particularly employee information, is extremely confidential. Of course, it is covered explicitly by the UK Data Protection Act of 2018, which has embraced the European General Data Protection Regulation. However, the loss or improper use of personally-identifiable information can lead to massive penalties and serious reputational damage.

Safe4 provides a highly secure online vault for HR Consultants to share and store confidential information. With over 48,000 users Safe4 is a well-established platform that provides a range of benefits:-

  • Complete confidentiality – Safe4 has been designed to be secure from first principles
  • A secure vault is set up for each client or employee of the principal client. There is no possibility of any unauthorised access to information – only specifically-invited and authorised parties can access the vault
  • All data is stored in the UK
  • A comprehensive audit trail captures records of all user activity
  • No information is actually sent by email. Whilst so-called “secure” email services might be able to transfer information safely between parties, they do not manage any documents or data throughout the life of a consultant / client relationship, or indeed of a client / employee relationship – Safe4 does
  • The Safe4 asset register allows information to be held as structured data and displayed in columns and rows similar to a spreadsheet or simple database. This is a highly secure and efficient way to hold specific details about an individual, allowing such confidential data as National Insurance numbers, bank details, and general personal information to be entered directly into fields online, as opposed to having to include them within a document
  • Automatic notification of any new upload, whether of a document or a data record
  • Signing documents online – this can cover service agreements between consultant and client, as well as contracts of employment for the clients’ staff. The Safe4 document signing facility is accepted by both HMRC and Companies House in the UK
  • The Safe4 compliance framework can be used as a means of sharing policy and procedure documents with staff, and can also provide confirmation that these documents have been read and understood

In short, the implementation of this approach can allow HR Consultants to furnish their clients with confidential information in a completely secure way, and can also be extended to allow the Consultant’s client companies to manage the information they handle on behalf of their own staff.

For more information on how HR Consultants are benefiting from using Safe4, please contact us. We will be delighted to share with you some of the success stories achieved so far.

Confusion reigns regarding responsibility for data protection compliance

A recent survey suggests that there is still a good deal of confusion regarding responsibility for data protection compliance. Given that the UK adopted the EU GDPR into the Data Protection Act in May 2018, this reflects the general lack of awareness among many organisations today.

This survey also indicates a lack of clarity over whether cloud-based information management services offer better or worse protection than traditional on-premise storage. The answer of course is that the level of security and therefore protection depends on which cloud service provider is involved. Safe4 has an unblemished record of secure service provision, with an availability record very close to 100%. Not all cloud service providers can offer this.

Safe4 has also clarified the different roles and responsibilities relating to data protection in their Data Protection Policy – click here for more details. Safe4 does not claim ownership of any data that is stored within its system, and thus acts as the Data Processor. Customers own their data and have responsibility for any information that is placed in Safe4, and therefore are Data Controllers.

Adding to the benefit of using Safe4 for information storage is the fact that Safe4 only uses UK-based hosting services accredited to ISO 27001. Together with enhanced password strength management and 2-factor authentication, Safe4 provides a platform for its customers to be confident that the system will support their own Data Protection compliance programme. No cloud service provider can make its customers compliant with the Act, however – ultimate responsibility lies with the Data Controller to ensure that their own information security policies and practices are enforced. The vast majority of data security breaches are caused by human error or poorly trained employees.

For more information on how Safe4 can assist your data protection compliance programme, please contact us.

Evidence of increased threat of email intrusion

Online fraud and theft have become widespread in recent years. Email in particular presents a growing risk as criminals identify ever more devious methods of persuading individuals and businesses to expose their confidential information.

The risk is highlighted in an article on the VaultConnect website; please click here for details. VaultConnect are partners of Safe4, and are working to reduce the risk of email intrusion for professional practitioners and other businesses across the United Kingdom. This article refers to 5 scams, of which number 3 is the particular case in point. Safe4 have stressed the importance of avoiding the use of email for some years, although in many sectors it is still used routinely to transfer confidential information in spite of the potential consequences of a breach under the terms of the Data Protection Act.

For more information on how the use of Safe4 can help your organisation to reduce cost and improve regulatory compliance and governance whilst enhancing customer service, please contact us.

Safe4 is going large – version 5.20 is released

October 2018 has seen the release of Safe4 version 5.20, which contains some important enhancements to the highly secure information delivery and management service. “Safe4 is going large” is a fitting way to describe some of the changes introduced in this release.

As in all new releases, Safe4 have improved a number of the fundamental security features of the system. In order to make sure that customers’ data, as well as that of their clients, is managed in the most secure way possible, changes have been made to the way in which information is stored so that the risk of penetration is reduced. This includes some changes that will make it easier for clients to comply with the Data Protection Act, following the introduction of GDPR in May 2018. For example the Subject Access Request report, which is available at the press of a single button, has been expanded.

Large file management

However, the most significant element within this release is the ability to upload files of up to 800 megabytes per individual file. This is an interim step, with the short term objective being 2 gigabytes per individual file. The fundamental security approach of Safe4 has always meant that uploading documents was more than just moving a file from one location to another, and consequently the upload process involves a number of server-based functions such as virus-checking, content scanning, encryption, transferring the file into cloud storage and updating the database and all of the audit trails. These functions have now been separated and will be performed sequentially, so that the server-based processing is carried out after the client interface has been refreshed. Very large files will be shown on the file list immediately, but with a “Processing” indicator until the server functions have been completed.

As well as virus checking and encryption, Safe4 also performs a series of content checks to ensure the integrity of the data that is being uploaded. If the file fails one of these tests, or is found to contain a virus, a reference will be shown on the file list even though the file itself has been removed from the server. This will cover the whitelisting and blacklisting scans, as well as the ability to check for any files that have been protectively marked.

More significant developments to come

There is a lengthy list of enhancements in the pipeline for Safe4. The next release will feature the ability for files held in Safe4 to be signed digitally in a way that allows them to be submitted to both HMRC and Companies House in the UK. This important development will be a major time-saver for any organisation that needs multiple signatories to approve documents, and will be carried out entirely within Safe4, without the use of any external technology.

If you would like any further information on how Safe4 can help your business to improve client service, reduce costs and enhance regulatory compliance, please contact us. We will be delighted to assist you.

Cyber crime is still soaring – and insecure email remains the weakest link

The scourge of email scams and phishing continues to rise relentlessly. Whilst some organisations have taken steps to protect themselves, many still use email to transfer confidential information to recipients both within and beyond their own domain. A recently-published article highlights this, and the risks to corporate governance that are involved.

Professional practitioners are among the worst offenders. Much of the information that they generate on behalf of their clients is highly confidential and is sent by email as an attachment. Not only does this expose their clients to the loss or theft of the data, it is inefficient and can ultimately lead to serious difficulties for the practitioners themselves. In the UK it is estimated that more than 70% of law firms, for example, still use open email to carry confidential client information.

Sometimes the clients themselves are a problem …

Accounting firms, for example, provide services for a wide range of different clients, everything from global corporates to the local butcher, baker and candlestick-maker. At the smaller end of this scale many clients are resistant to using secure information sharing services as they find it easier to simply receive financial information as an attachment to an email. Sometimes it is securely stored away, but often it is not, leading to repeated requests for the information to be re-sent by the accountant, multiplying the scale of the risk.

VaultConnect, partners of Safe4 Information Management, have described the consequences of these “can you just …” requests for information. Typically they result in an interruption of approximately 23 minutes to stop a current task, go and find the requested information, respond to the client, and then try to resume the task that has been interrupted. And the result of this is to expose both the client and the accountant to increased risk.

There are better and safer options

The Safe4 service has been designed explicitly to protect any organisation that needs to share confidential information with external or internal parties, whether it be in unstructured form (such as documents), or structured (data held in columnar format, similar to spreadsheets and simple databases). Manningtons, an accounting firm in Sussex, have recently chosen to significantly expand their use of Safe4 in order to protect themselves and their clients from loss or theft of sensitive information. Read about their experiences here. The result of this approach has enabled Manningtons to enhance their compliance with both the Data Protection Act (which now embodies the recently-enacted European General Data Protection Regulation), and with the guidance issued by the Institute of Chartered Accountants of England and Wales. This strongly advises accounting firms not to send confidential information to clients by email, even if the client has actually requested that they do so.

Safe4 utilises a highly secure vault to hold information relating to each client. This can be shared with the clients themselves, allowing two-way transfer of confidential documents and data. The very granular permissions provided by Safe4, as well as comprehensive audit trails and reporting functions, add further levels of protection to the professional practitioners as well as their clients.

Contact Safe4

For more information on how Safe4 can help your organisation to achieve enhanced levels of security and compliance with regulatory frameworks, please get in touch. We will be delighted to assist you.

Manningtons responds strongly to the challenge of GDPR by expanding the use of Safe4

With a client base numbering close to 3,000 and offices across Sussex and Kent, Manningtons have become one of south-east England’s best-established accounting practices.  From their head office in Heathfield, East Sussex, they offer a wide range of accounting, taxation, and financial management services.  Like all professional practitioners, they have had to respond to the challenge of GDPR.

Manningtons’ relationship with Safe4 began in 2010, shortly after the secure document delivery and storage service was launched. Alan Staples, Managing Partner at Manningtons, recognised that the application of technology to the running of an accountancy practice was gathering pace, and was determined to explore better and more secure ways to communicate with the firm’s clients. Traditional methods of communication such as hard copy post and email were still in everyday use, as indeed they were in much of the UK business community. However, these methods were often costly and inefficient, and in recent years have become increasingly unsafe as online fraud and theft have emerged as significant threats.

GDPR is driving change

The adoption of the Safe4 service by Manningtons has gathered momentum with the arrival of the General Data Protection Regulation across Europe. Alan Staples is extremely conscious that protecting Manningtons’ clients from misuse or loss of personal information is not only best practice, but is also demanded by the Institute of Chartered Accountants of England and Wales. Thus combining a high standard of service to clients with a high level of compliance has triggered a significant increase in the use of Safe4 as a means of getting confidential information to and from clients.

Alan’s view on this matter is very clear: “We can no longer send confidential information to clients by email.  That is the clear directive to our staff, and we are now putting Safe4 to greater use in order to ensure that we are taking the best possible care of our clients’ interests.  Manningtons serves a very varied client base across a range of different sectors.  Not all of our clients have been quick to adopt the use of modern technology, but they are now increasingly aware of the risks that they run by sticking with email as a way of transferring their confidential information.  We cannot run the risk of email intrusion, and must ensure that client information is kept confidential at all times.  The Technical Helpsheet from the ICAEW makes it clear that even if clients ask us to use email, this should not be an option that we choose.”

In areas such as payroll management, for example, the need for security is paramount.  The application of Safe4 to the transfer of key personal and financial information has increased significantly, and is not only providing heightened security but is also aiding efficiency.  Above all, Manningtons is able to offer GDPR-compliant services to its clients, thereby ensuring that their clients’ businesses and reputations are not damaged by costly and avoidable breaches or leaks of information.

Ben Martin, director of Safe4, is delighted with the progress that Manningtons have made in their adoption of Safe4.  “We have enjoyed a close relationship with Manningtons since 2010, and they were one of the first professional practitioners to adopt Safe4 in their business.  The advent of GDPR has led to important changes in the way that the Safe4 system works, giving greater control to our customers and increased security to their clients” claims Martin.  “We are in the process of making some significant enhancements to Safe4, including several that will be of value to Manningtons – such as the ability to sign documents within Safe4 – and it is of great value to have their feedback and input as we go forward.”

Safe4 has adapted to address the requirements of GDPR

GDPR has provided a catalyst for many businesses to overhaul the way that they manage their communication with their clients, and the recent changes in the Safe4 system have supported this. The ability for a complete client vault to be deleted permanently is clearly an essential requirement, and this has been handled within the Safe4 system not just by the irrevocable deletion of data, but also by the maintenance of an audit trail record of the deletion and the “stub” of data that recorded the activity within the vault while it was live. This audit trail will protect Safe4 customers by providing an evidential record should a former client have been engaged in illegal or improper activity, and is fully compliant with the GDPR requirement for data retention by contract.

Safe4 also allows a Subject Access Request report to be generated at the touch of a button, should a client ask for all of the personal information to which they have had access.

By increasing the adoption of the Safe4 system across its business, Manningtons is building a strongly compliant platform for further growth in the south east of England.  Safe4 is also enjoying the benefit of a close relationship with a professional customer whose real-world experience is proving to be a valuable reference point for the functional development of the system.

If you would like more information on how the use of Safe4 can support your GDPR compliance programme, please contact us.

More good news for Safe4 customers – outstanding availability record

Safe4 has achieved outstanding availability in the last 7 months.  Since 1 October 2017 the highly secure information delivery and storage service has achieved 100% uptime, with not a single second lost through system outages of any kind. This represents a stark contrast with other cloud-based information management services, many of which report outages almost weekly. Availability of the Safe4 service is monitored independently, and reported on every month.

This outstanding availability record for Safe4 underlines the quality of service that is the basis of the way the system functions. During the period from 1 October 2017 to date, Safe4 has undergone 4 major upgrades, none of which interrupted access to the system. This process of enhancement included the changes associated with enabling Safe4 to support customers’ GDPR compliance programmes, many of which went deep into the core of the software.

Safe4 delivers value

An exceptional level of availability is just one of the significant benefits that Safe4 offers. Safe4 has been independently assessed among the most secure 0.8% of sites on the internet, out of millions tested. Other benefits include automated upload notifications, comprehensive audit trails and reporting facilities, and UK hosting in ISO 27001-accredited data centres. Extensive customer branding and white labeling, granular permission and content controls as well as a unique and flexible architecture allow Safe4 customers to derive a wide range of financial and operational benefits.

Maintaining a strong commitment to a high quality of customer service is one of the key objectives of Safe4, together with providing class-leading levels of security. For more information on how Safe4 can provide benefits for your business, please get in touch with us. We will be delighted to assist you.