I’m proud to announce that Emailcenter has been awarded our ISO 27001 certification for information security management this week.
Security has always been important to Emailcenter as we understand that we are custodians of one of our clients’ most important assets – their data.
Happily, our security and data management processes were already very good, so there were very few changes that we needed to make to implement the processes and documentation required by the standards.
The ISO standard covers everything from physical security like locks on the doors to our offices, to electronic data security like not transferring client data over insecure methods, and process control such as induction and security training for new team members.
Security By Design
Of course, for Emailcenter, one of the most important areas of security is that of our own software. We go through a rigorous testing process for every change we make and release, and each version of Maxemail, which we release every 4 weeks, may include minor tweaks to keep us in the best possible position.
Any upload or download of data our clients make directly through our application has always been over a secure connection. Some clients may have also noticed some other changes we’ve made over the last year or two to help avoid potential security issues:
- We’ve removed the ability to import data on a schedule via insecure methods like HTTP URLs and FTP sites, in favour of secure methods like HTTPS and SFTP or FTPS
- Maxemail alerts the client administrator when data is downloaded by a client colleague or Emailcenter team member
- All our click-through tracking URLs are encrypted by default
- If Maxemail spots someone using a user account from a new location, we send an email alert in case it’s not expected (avoid this by adding IP restriction to your users!)
- If a user’s password is entered incorrectly three times in a row, they must request a reset sent to the registered email address or give us a call
- We’ve improved our password validator to an industry standard system to help users create strong passwords
For us, this is an ongoing process. Security is a primary consideration of everything we do. We’ll continue to look for ways that an attacker might try to compromise client data, and step in to make changes to our software and both our own and our clients’ processes where needed.
If you have any queries about security, or want further information about our ISO 27001 compliance, please contact us.