IT Security Statement

IT Commitment

It is Salt’s policy to carry out business safely and in a transparent manner in accordance with relevant data protection laws.

In accordance with the General Data Protection Regulation (EU) 2016/679 (‘GDPR’) that came into effect on 25 May 2018, Salt has updated its data privacy policies:

https://www.welovesalt.com/privacy-policy/

The GDPR is a regulation which aims to harmonize data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organizations can legally operate.

IT security and Privacy by Design are therefore of paramount importance. Salt’s IT security and maintenance is outsourced to a third-party managed services provider (‘MSP’) who provides remote and on-site assistance and is also responsible for hardware procurement. Our MSP and Salt have entered into a valid data processor agreement.

Below we outline the IT security measures Salt has in place, in the form of answers to the questions our customers and candidates ask most frequently:

 

 Question Answer
Who/What do you use for your Hosting? Our MSP host our emails and documents in Microsoft Office 365. Our in-house server has a shared drive for our accounting department.
What does our MSP do with our data? Our MSP store the data in the Microsoft cloud and/or on our server(s). They back up any data outside of the Microsoft cloud into a number of secure data centres. Data stored in Microsoft Azure is backed up and snapshots are taken by Microsoft. Our MSP also provides admin functions on some customer data as directed by Salt.
Is Salt data segregated? Data in the Microsoft cloud is segregated from other Microsoft customers. Microsoft uses logical isolation to segregate customers to ensure complete confidentiality and separation.
Is traffic encrypted? Data on the Salt network is not encrypted; however, data is kept behind a secure company firewall. Data in the Microsoft cloud is encrypted in transit and at rest.
Is data encrypted? Data in the Microsoft cloud is encrypted in transit and at rest. Our MSP uses its backup partners (MITOL and Solarwinds) who use encryption (AES256) for all data stored.
Are Salt computers encrypted? Directors, Accounts and HR departments all have their portable devices encrypted through EM+S.
Are Salt’s files or emails encrypted? Office 365 allows Salt to encrypt files within SharePoint using Azure Rights Management.
How are Passwords stored? Our MSP stores all customer passwords in Connectwise. This is an industry standard CRM and Helpdesk system and the data is stored in the Microsoft Cloud. Access to this system is via MFA (Multi-Factor authentication) only and so only authorised personnel are able to access this. Our MSP furthermore has a Password Policy for length and complexity of passwords. Salt furthermore has rules in place regarding the use of passwords.
How does Salt monitor Breaches / How do we monitor unusual activity / How do we report data breaches? Our MSP have a Network Operations team (NOC) who use an industry standard system provided by Solarwinds. In addition, Microsoft provides alerts and reporting on access and activity. Salt furthermore has a Data Breach Policy in place to adequately manage and report a breach.
What is Salt’s backup policy? Our in-house server has a nightly backup with a 30-day retention. Microsoft data (Office 365) is backed up and retained for 30 days.

All backups are logged and failed backups or missed backups are monitored by the Network Operations Team (NOC).

What is our Disaster Recovery procedure? Our MSP has everything in the cloud in terms of emails, files, remote monitoring, and CRM and Ticketing. Phones are VoIP and so in the event of a disaster, the MSP team would work from home / remote offices.

From a Salt point of view, as we are a Microsoft Office 365 customer and use a cloud-based CRM system, Salt users can work from anywhere in the event of a disaster.

Microsoft has 40+ data centres and, as part of Microsoft Office 365, there is multiple-site replication.

In addition, Salt has a Disaster Recovery Plan in place which can be requested from the Head of Compliance & Contractor Management.

What training has been provided for GDPR/ IT security? Salt has provided in-house training to their staff on data protection and IT security. Salt has introduced a Code of Conduct that outlines how staff members need to manage data and people’s knowledge is tested by doing a GDPR competency test.
How does Salt protect access to their servers? Microsoft servers are secured via access control. Only authorised personnel are allowed into Microsoft Data Centres. MITOL and Solarwinds servers are secured via access control. Only authorised personnel are allowed into Microsoft Data Centres.
What Certifications and accreditations do you hold?

 

Our MSP have ITIL and Microsoft trained Staff.

Our MSP partners with a number of suppliers for the hosting, back up and storage of data. Microsoft holds a number of certifications including ISO27001. All of these can be found here:

https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings

MITOL and Solarwinds are also ISO 27001 certified.

How does Salt control access to their data? Salt use Office 365 and this is protected by MFA (Multi-Factor authentication). This ensures that staff are the only ones that can log in. Through EM+S we lock down who logs in from where and from which device and this is applicable to all Directors, Accounts and HR departments’ Office 365 accounts.

 

Who can request information or changes by our MSP? Our MSP defines an approver list at the outset of working with Salt. Only approved users are able to request new users, leavers, password changes from our MSP.

 

 

Hardware, Software, and Networking

Does Salt have a firewall? Our MSP have a DELL Sonicwall in place at their London Office and Salt have a Dell Sonicwall at our London office which is managed by our MSP. Our other offices around the world are situated within serviced offices who have their own firewalls.
Who keeps the firewalls up to date? Our MSP have a Network Operations Team (NOC) who update Firewall firmware on a regular basis.
How are our computers and networks kept secure? Our MSP have a Network Operations Team (NOC) who schedule PC and Server updates each month. Critical updates are rolled out automatically. Our MSP has deployed Bitdefender on all PCs and Servers which provides Anti-Virus protection.

 

Salt also uses Jobscience (Salesforce) as its main CRM database. Salesforce policies regarding data & IT security can be found on www.salesforce.com.

In addition to this IT Security Statement, Salt has rules in place that govern the use of data & IT equipment and these can be found in the below documents which are updated from time to time:

  • Employee Handbook
  • Code of Conduct
  • Disaster Recovery Plan

If you have any other questions about this IT security statement and/or the use of your (personal) data, please email:

David Korthals

Head of Compliance & Contractor Management.

9 Wootton Street,

SE1 8TG London

GDPR@welovesalt.com

+44 (0)207 928 2525

 

Last updated on 13 November 2018.

 
