IT infrastructure and network security

 

Rackspace

Our web application and data (i.e. data from the will-writing process) are hosted within Rackspace, in UK datacentres. So Rackspace’s policies and processes are our policies and processes for our physical and network security standards. Rackspace’s certifications are at https://www.rackspace.com/en-gb/certifications.

Rackspace is certified to the international standard for information security, ISO 27001. This certification also includes their internal International Global Security Services and Information Technology Infrastructure Services functions. This standard provides a framework for managing our security responsibilities and provides us with a secure environment via Rackspace’s Business Security Management System.

Rackspace is trusted by many of the world’s largest corporations. Since 2009 its system has provided the foundation for an integrated and sustainable security model working in tandem with other security controls such as PCI-DSS. It is subject to ongoing external assessment by the certification body, BSI, with a full re-assessment every three years.

Our web application

Our application and data are installed “behind” Rackspace firewalls, and we have configured a proxy server to further control access.

All remote direct access to these Rackspace servers is via the SSH (secure shell) protocol and is available only via a secure username/password. This access is only available to specific staff within our IT provider, Tier 2 Consulting.

Access to the application by users is only via HTTPS, with secure areas being accessible only via a username/password, which must be authenticated before a completed will can be downloaded.

Our software has been developed in accordance with the OWASP Top 10 guidelines (for security of web applications) and is subject to periodic penetration testing.

For information on how we deal with data gathered via the web application and the online will interview, see our Processor Terms.

Intercom and other third party applications

We have integrated Intercom into our application. It enables targeted communication with our users through a range of online media. It is at the heart of the customer support that our users rave about. We use two-factor authentication for our staff's access to Intercom.

All data sent to Intercom is encrypted in transit. The API and application endpoints are TLS/SSL only and score an "A+" rating on SSL Labs' tests, meaning that Intercom only uses strong cipher suites and has features such as HSTS and Perfect Forward Secrecy fully enabled.

For more on Intercom and the third party applications we use, see our Privacy Policy.