At Dashly we take the security, privacy, and welfare of your data and your clients’ data incredibly seriously. Our Trust Centre is designed to give you an overview of the controls and measures we have in place to safeguard all data within the Dashly Universe.
Platform and Network Security
We perform regular and rigorous security testing on our Platform including, but not limited to:
- Third-party application and network penetration tests, performed by an Independent Security Firm against our entire product suite with fully certified penetration testers.
- Regular vulnerability scans against our application and network.
- We have Automated Threat Detection (name of threat detection used), Web Application Firewalls (name of app firewall), and DDoS protection (name of ddos protection) in place.
- We use Google Cloud Platform to automatically update and patch our infrastructure.
- Data is stored encrypted at rest via GCP, using a key of at least 256 bits.
- All UK customer data is stored within the GCP London (name of data centre) data centre.
- Backup retention is 30 days; some data is retained for longer under Money Laundering and FCA regulations.
- All data is stored within Google Cloud, and no data is retained or stored on physical devices such as USB memory sticks or computer local drives.
- We have an active asset register for both information and physical assets.
- We use Webroot™ for endpoint security, next generation antivirus and malware protection.
- We leverage multiple DLP strategies using Google Vault.
- All internal access to customer data is limited and provided on a need-to-know basis. Data is only shared via encrypted links and is fully auditable.
- We use NEOS-IT to handle patching of our operating systems and third-party software.
- We are Cyber Essentials certified (certificate number TBC).
All of our data transfer is handled using the Egnyte platform, over FTP (File Transfer Protocol over implicit TLS/SSL) with 256-bit AES encryption.
Security Best Practices
- All user passwords are salted and hashed with the scrypt algorithm.
- All sensitive banking data (i.e. bank account) is further encrypted via AES256.
- Multi-factor authentication is active, and Single Sign-on (SSO) is used to cascade access across multiple services where possible for all staff.
Compliance & Governance
- All data centres are readily compliant with ISO27001, SOC-1,2,3, PCI-DSS L1 and more.
- We are registered with the FCA, as a Mortgage Intermediary (810720).
- We are registered with the ICO under the UK Data Protection Act (ZA308181).
- All staff complete bi-annual cyber and information security awareness training.
- All staff are Identity & Verification (ID&V) and Disclosure & Barring Service (DBS) checked; key staff are run through additional security checks.