How do we ensure the data that we process for our customers is secure and protected? It’s one of the most common questions we’re asked, whichever market we’re working in. So, let us explain.
Since 2001, we have stringently adhered to the latest frameworks and cyber security requirements that exist to safeguard customers and ensure best practice among suppliers like us. We also hold accreditations in the UK that acknowledge the importance of data security and how to be a responsible supplier, which we implement across markets, including Constructionline Gold.
To provide a well-recognised example, we currently adhere to ISO 27001, an international standard that helps organisations manage their information security. This standard provides a framework for establishing, implementing, and maintaining an Information Security Management System (ISMS). At MSite, we are currently using the 2019 version of the standard, but we are in the process of upgrading to align with the updated 2022 standard.
Additionally, we adhere to the ISO 9001 Quality Management System, which ensures we maintain high performance standards, meet stakeholder expectations, and develop our platform to the highest quality, thereby maintaining both security and performance. Our processes are audited annually by external bodies, such as the British Assessment Bureau, ensuring we are held accountable to these rigorous standards.
What our customers need, want and expect is at the forefront of our approach to data protection, so any change to our processes and products are assessed against these key considerations. We don’t just cover ourselves, we work to ensure customers are compliant with the regulatory bodies and clients that inspect them too.
In short, compliance and care are central to everything we do.
We have experts on hand in all markets that we operate in to support us with relevant data protection regulations – from CCPA in the US to GDPR in Europe. This ensures that why and how we process each piece of data is very carefully considered, which is especially important in countries with regionalized legislation. The rate of digitalisation differs from industry to industry as well as region to region, so we must support clients to make the most of new technologies and the power of data at the same time as ensuring compliance.
One of our key aims is to increase customer confidence, regardless of the quantity of data which is being processed. There are several things we do to support this, such as:
- Only collecting essential personal data
- All data is encrypted in transit and at rest
- Limiting data sent to on site devices – reducing the risk of lost data should a device be stolen or misplaced
- Automatic data deletion – where devices are compatible, and circumstances require action
- Storing all data with a trusted & accredited global cloud service provider
- Not storing original biometric data. Instead, we use an encrypted template which cannot be reversed engineered and is only stored on the device or devices that a data subject is required to use.
With each client, we continually work collaboratively with individuals such as data protection officers to establish the best set up. Part of this process will include decisions on options such as multi-factor authentication and single-sign on, to ensure only the correct users have access to confidential systems and data, and anybody departing a business has their access revoked quickly. There are also various user rights which can be created to ensure different people are granted different permissions dependent on their roles, which customers can own and control with our support and training where needed.
Compliance touches all parts of a business – from marketing to operations – so we work closely with customers to use our systems to their full potential, while developing new software and solutions if an opportunity is identified to improve or industry movements like the Building Safety Act in the UK influence wider changes. Meanwhile, we are continuously training our staff to make sure we have professionals with the necessary expertise for every project, problem or situation.