Security

Security is one of our main priorities at Commusoft. Our team works every day to ensure the best security for our customers at all levels, aiming to be fully transparent and compliant.

 

Your Business and Customer Data Secured

Network Security

Commusoft uses network drive storage to host critical client data. These drives are designed to automatically encrypt data at rest.

Physical Server Security

Commusoft uses the Google Cloud Platform for its incredible server security. Not even Tom Cruise could access your customer data.

Data Storage

Commusoft’s global infrastructure is hosted on the Google Cloud Platform across multiple data centres in multiple countries, including the United Kingdom, India and United States of America. Commusoft host each client's data in their country of origin, or, the nearest country Commusoft currently have an infrastructure.

Application Security

Role-Based Security

Every user is assigned a permission level (role) which assigns different levels of access to different features. Control who in your business can see and access specific data and features.

Full Auditability

Detailed audit trails are available to all Enterprise clients, recording every successful login to the software, as well as transaction history of every new record, edited record and deleted record.

Secure Authentication

Commusoft use one-way hashed passwords with secure salts, meaning passwords can’t be read by anyone, not even Commusoft’s security team.

System Security

Enterprise Grade At-Rest Encryption

Commusoft use network drive storage to host critical client data. These drives are designed to automatically encrypt data at rest. This enterprise security feature lets our clients be confident that their information is guarded from unauthorised access.

In-Transit Encryption

All information across the Commusoft network uses SSL (https). Commusoft offer clients TLS 1.1, TLS 1.2, TLS 1.3, restricting access to the less secure TLS 1.0. This means clients can rest assured that their data is kept safe and sound.

Backup

Access and Encryption

Commusoft restrict access to all production backups to key members of the team (on a need-to-access basis). Access to these backup files is audited to maintain compliance with our internal security policy. All backup files are encrypted at rest.

Daily Backups

We backup Commusoft daily for all systems.

Compliance

Commusoft operate a PCI DSS compliant network. This is a security standard developed by the card industry to make sure payment transactions online are kept safe and secure. This standard requires regular audits of Commusoft’s internal security policies, as well as our production environment.

Commusoft undertake quarterly scans of our network to identify vulnerabilities, as well as subscribing to the latest patches and updates to both the Linux operating system and other key components of the Commusoft infrastructure.

External yearly penetration testing is performed by an industry-leading security company designed to stress test the Commusoft network and application, helping to keep your data secure and the Commusoft system operating correctly at all times.

  • PCI compliant network
  • PCI level 1 compliant network
  • ISO27001 compliance (Coming Soon)

GDPR & Data Protection

Commusoft complies with European data protection law allowing our clients to be GDPR compliant. All clients are provided with contracts that meet our obligations under GDPR as data processors.