Data is one of the most valuable assets an organisation has. That's why our top priority is delivering a comprehensive, high-performance solution with a focus on keeping our customers' data safe and secure.

DutySheet is ISO 27001:2013 certified. This is the international standard for Information Security Management. It provides a best practice framework for companies to comply with confidentiality, integrity and legal compliance, providing confidence that the appropriate controls and policies are in place to safeguard data. In achieving this standard, DutySheet has now further validated its internal processes, software as a service solutions and technical support as well as effectively demonstrated its capabilities to sufficiently protect customer data.

DutySheet's servers are hosted in ISO 27001 data centres that feature 24-hour manned security, biometric access control, video surveillance, and physical locks. The co-location facilities are powered by redundant power, each with UPS and backup generators. All systems, networked devices, and circuits are constantly monitored by both DutySheet and the data centre provider.

All communications with DutySheet servers are encrypted using industry standard SSL.

All access to data within DutySheet is restricted by access rights, authenticated by username and password. Your DutySheet instance administrator can define granular access privileges using roles based permissions.

Our security architecture ensures segregation of customer data and additional access controls include network IP restrictions.

DutySheet is registered with the information commissioner under registration number Z9806829.

The DutySheet application maintains a robust application audit log to include all security events such as user logins or configuration changes. Additionally, DutySheet follows secure credential storage best practices by storing passwords using the (salted) hash function.

DutySheet and its supporting infrastructure is frequently reviewed for potentially harmful vulnerabilities. We use industry-recognised, third-party security specialists who hold CREST CHECK and Tiger Scheme Credentials, enterprise-class security solutions, and custom in-house tools to regularly analyse the application and production infrastructure to ensure that any vulnerabilities are identified and swiftly mitigated. We employ a number of third-party, qualified security tools to provide both regular dynamic and scanning of our application.