Due Diligence Checking Ltd (DDC Ltd)
Due Diligence / Posted 3 years ago
Dealing with confidential information requires strict security practices. We are committed to making sure your data is dealt with appropriately from start to finish.
Independent Security Testing
ISO 27001 is one of the most widely recognised information security standards and demonstrates that a certified organisation has an integrated and professional approach to all aspects of information security. For our clients, this means that we are constantly testing and reviewing our security systems. We also ensure that data security is one of the primary considerations in all services provided.
For larger organisations and government bodies, DDC can now cooperate and support your existing security practices and you can be sure that information is being transferred and processed in an auditable manner that is aligned with industry best-practice. All of our systems are within our officially stated ISMS scope, which can be verified with ISOQAR Ltd.
PCI is the credit-card industry’s benchmark security standard. We have undergone rigorous PCI compliance testing, to ensure our systems are secure enough to accept online and telephone card payments. As part of our ongoing compliance testing, our servers are scanned each month by TrustWave, who check our servers against a comprehensive list of known security vulnerabilities. We are required to maintain compliance at all times, and we promptly respond to any newly published security vulnerabilities.
We use the latest SHA-256 encryption algorithms to ensure your data cannot be intercepted while in transit. We also use an ‘Enhanced Validation’ SSL certificate, which is the highest level of SSL certificate available. On modern browsers, this means you will see our company name in a green bar next to our website address. Our modern certificates are not compatible with some older, insecure browsers, which means we are less of a target for opportunistic cyber-criminals.
All of our staff have been vetted in accordance with the Cabinet Office Baseline Personnel Security Standard (BPSS). This involves checking staff identity, employment history for a minimum of the past 3 years, nationality and immigration status, and criminal record for unspent convictions.
In addition to these checks, only staff who are fully authorised ‘Countersignatories’ are permitted to submit applications to the DBS. This position requires extensive in-house training, in addition to an Enhanced-level criminal record check.
Full DBS Compliance
The DBS regularly visit our premises and we have passed all assessments and audits. This includes site visits, information security risk assessments and direct connectivity and data delivery testing. We are also fully compliant with the DBS Guidelines and Code of Practice, which have dictated many of our operational processes.
We are subscribed to all relevant DBS mailing lists and legislative lists, to enable us to remain fully informed of upcoming changes at the DBS and any relevant developments in legislation.
Industry Standard Technology
We run our own dedicated hardware and software for processing and submitting disclosure applications. This means that your data is not stored on a shared system, such as the ‘cloud’, but on secure hardware servers where the data is always under our direct control. We adhere to industry best-practices for secure communications and encryption.
Our in-house IT team are ably assisted by Linux support specialists ForLinux Ltd. and Windows specialist Unecom Ltd. We regularly penetration-test our own systems and have scheduled system inspections, backup tests and disaster-recovery emulations.