Data is one of the most valuable assets an organisation has. That's why our top priority is delivering a comprehensive, high-performance solution with a focus on keeping our customers' data safe and secure.

DutySheets servers are hosted in ISO 27001 data centres that feature 24-hour manned security, biometric access control, video surveillance, and physical locks. The co-location facilities are powered by redundant power, each with UPS and backup generators. All systems, networked devices, and circuits are constantly monitored by both DutySheet and the data centre provider.

All communications with DutySheet servers are encrypted using industry standard SSL.

All access to data within DutySheet is restricted by access rights, authenticated by username and password. Your DutySheet instance administrator can define granular access privileges using roles based permissions.

Our security architecture ensures segregation of customer data and additional access controls include network IP restrictions.

DutySheet is registered with the information commissioner under registration number Z9806829.

The DutySheet application maintains a robust application audit log to include all security events such as user logins or configuration changes. Additionally, DutySheet follows secure credential storage best practices by storing passwords using the (salted) hash function.

DutySheet and its supporting infrastructure is frequently reviewed for potentially harmful vulnerabilities. We use industry-recognised, third-party security specialists who hold CREST CHECK and Tiger Scheme Credentials, enterprise-class security solutions, and custom in-house tools to regularly analyse the application and production infrastructure to ensure that any vulnerabilities are identified and swiftly mitigated. We employ a number of third-party, qualified security tools to provide both regular dynamic and scanning of our application.