In what country will my data be stored (production environment and back-up/disaster recovery)?
All data is stored within the EU. Currently, all data is stored in UK-based data centres.
How is data backed up and what security is in place to make sure the system remains secure and the data in Miso remains secure?
All data is written to multiple disks instantly, backed up daily, and stored in multiple locations.
Is data encrypted?
Whenever your data is in transit between you and us, everything is encrypted and sent using HTTPS. Any files which you upload to us are stored encrypted at rest. Case data is also encrypted at rest. Our backups of your data are also encrypted.
What security is in place to ensure the system and data are secure?
Servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches.
How secure is Azure?
Microsoft’s cloud service has numerous independently verified attestations on its configuration, which aligns closely with industry standards including ISO 27000, NIST 800-53, GDPR and others.
Do you use secure key stores?
We make use of secure key stores to encrypt and control access to sensitive service keys.
Can your staff access my data?
Only authorised staff have access to sensitive systems within our tenancy. No staff have standing access to privileged roles, and all access to privileged roles is audited.
How do you manage network and information security risks related to Miso?
We have the Cyber Essentials certification, and we also carry out independent reviews of the security controls in our tenancy.
What security provisions do you have in place?
All Miso staff are required to follow our IT security terms of use to protect their own personal devices. Keys for sensitive services are held in a secure key store. All data is encrypted in transit and at rest. Only authorised personnel have access to sensitive services.
Which tasks and incidents remain the responsibility of the user?
The customer is responsible for ensuring the integrity of their account credentials, the device they use to access Miso, and their network.
How does the cloud service withstand disasters affecting data centres or connections?
We have redundancies that span more than one data centre region to ensure availability. There will be some downtime if a regional fail-over is necessary.
How is security of the cloud service guaranteed when there are legal issues or administrative disputes?
Miso and our hosting providers will comply with any lawful request compelling us to grant access to our users' data.
How does the provider ensure that staff work securely?
We implement an IT security terms of use. We also monitor personal machines using Intune MDM. We implement numerous security controls in our tenancy to detect and mitigate security threats. We have been certified as compliant with Cyber Essentials by an independent auditor. We carry out independent audits of our security controls.
How is customer data or processes protected from unauthorised physical and logical access?
Our servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorised personnel have access to the data centre. 24/7/365 onsite staff provides additional protection against unauthorised entry and security breaches.
Where access to data is granted on presentation of a key, the keys are encrypted and access is only granted to authorised personnel and applications. No staff member has routine access to customer data. All use of high privilege roles is audited.
Microsoft’s cloud service has numerous independently verified attestations on its configuration, which aligns closely with industry standards including ISO 27000, NIST 800-53, GDPR and others.
https://www.miso.legal/policies/privacy-policy
How is access to the GUIs and APIs protected?
A customer uses their email and password to access their account. This grants a token that the client application uses to access the APIs.
Are there additional measures for administrators/high privilege roles (on the customer’s side)?
There are no high privilege roles in Miso.
Which standards make Miso portable and interoperable?
Miso is not portable. The application implements the HTML and ECMA JavaScript standards for usage in any compliant browser.