Data Privacy Policy

Our commitment to you

The importance of data security

1st Easy recognises the importance of data security. It has always been at the heart of our procedures and policies, having evolved from 1999 as an ecommerce hosting company, where critical and sensitive information has been stored on our servers.

Data privacy outline

The following information outlines the lengths 1st Easy goes to in order to protect customer data and to ensure that procedures are in place, via our WEEE compliance and ISO9001 policies, to prevent data leakage from our organisation and online infrastructures.

    WEEE directive compliance

    1st Easy complies fully with the WEEE directive on electrical equipment.

    • All end-of-life cloud host, dedicated and shared servers are first data scrubbed within the datacentre using DBAN v2.7, prior to removal.
    • On return to our offices, they are then destroyed by an external data destruction company to ensure WEEE compliance.
    • The data destruction company issues certificates of compliance for the said equipment.
    • Our ISO9001 audited procedures ensure staff carry out the above procedures correctly and in a timely manner.

    Network protection

    1st Easy has been in business for 16 years, during which time no serious breach of its networks has occurred as a result of poor configurations or password leakage / weaknesses. 1st Easy has developed extensive protection equipment to deal with the ever-increasing challenges of presenting data on the Internet.

    • Anti-DDoS appliances: provide wire speed protection for our core network delivery from intrusion and denial of service attacks
    • Cisco ASA border firewalls: provide customers with free wire speed isolation protection and lock down of dedicated and cloud servers, be it by specific office IP addresses or by port level restrictions
    • Juniper M7i border routers: ensure wire speed access to data and also provide additional filtering of undesirable access attempts
    • VLAN segmentation: ensures our large scale network is broken down into smaller network “subnets”, to avoid cross network internal attacks, should a server be cracked or be used in an abusive way by a rogue customer
    • MRTG monitoring: monitoring of all switches in our networks gives a heads up on unusual network activity, which can then be followed up with the customer to confirm or deny the legitimacy of the traffic, with further investigation at server level should the customer not be aware of the reason for such traffic

    Cloud data security

    We often get asked how safe our data is in the cloud. The answer is that it is actually safer than on other platforms, such as shared hosting, dedicated servers or customer owned equipment colocated in our data centres.

    The reasons for this are explained in the bullet points below.

    • We use the highest known security cloud platform, VMware™, and their entire stack of software, to deliver our cloud solutions. This technology is used by over 95% of FTSE 100 companies, including banks and insurance companies, endorsing it as a secure and viable platform on which to entrust customer data
    • With the investments in network security described under Network protection above, customers benefit from our economies of scale, which would otherwise generally be unaffordable to a single customer
    • The Cloud Data Centre (cDC) software technologies of VMware totally isolate virtual machines and software defined networks between one cloud customer and another within the overall cloud platform. Combined with each customer having their own software firewall, vShield Edge, this actually provides a higher level of security and isolation than dedicated servers (that sit on the same networks) and colocation, which could be accessed physically

    Employee security procedures

    One of the important aspects of our security and data protection revolves around our employees. Here’s what we do to prevent an employee doing something they shouldn’t, either during their role at 1st Easy, or on leaving the company for whatever reason.

    • Our host management system is fully PCI-DSS compliant and 3rd party audited on a quarterly basis by Security Metrics, a reputable PCI-DSS auditing company, recommended by Barclaycard to 1st Easy
    • Each employee has a separate user name and password for access to the host management system, ensuring that any employee can be refused access at any point in time, as required
    • We have our employees security checked prior to employment and take references from previous employers (where applicable)
    • We ensure our employees sign a legally binding contract that prevents them from discussing or disclosing customers and customer data at any point
    • Should customers request it, we do not have root or administrative access to their cloud or dedicated servers
    • Cloud servers are technically not accessible, from a data perspective, from the cloud host servers
    • All client desktop devices (including in Finance, Marketing, Sales and Support) are Apple iMacs or MacBooks, with no Windows desktops in house. This minimises exposure to common virus techniques that are yet to hit the Mac OS X operating system environment, and provides a more secure in-house operational platform

Still have concerns over data security?

If you are still unsure how safe your data will be with 1st Easy, please feel free to contact us by emailing support@1steasy.com, or calling our main telephone number.

Like what you see and want to speak to a professional advisor?

Call us now: 0808 222 2221