Security Factsheet
ISO27001:2013 Information Security Management System
dataXchange is an information management system which meets the requirements of ISO 27001:2013. The system is certified by the British Assessment Bureau (Certificate No: 211778).
Amazon S3 Data Centres
Your files are stored on servers in Amazon S3 Data Centres. Amazon S3 is designed to provide 99.999999999% durability of objects over a given year. This durability level corresponds to an average annual expected loss of 0.000000001% of objects. For example, if you store 10,000 objects with Amazon S3, you can on average expect to incur a loss of a single object once every 10,000,000 years.
Staff / Employees
Background verification checks are performed on all dataXchange staff, and all staff are active participants in our ISO 27001 Information Security Management System.
Penetration Testing
dataXchange undergoes regular penetration testing. All our security assessments are performed by external security consultants, using UK industry-approved methodologies (NIST, OWASP, PTES) that meet or exceed the requirements set by regulatory & compliance standards such as PCI DSS 3.2.
Data Protection & Encryption
dataXchange provides end-to-end AES 256 military grade encryption to ensure your data is protected in transit (as it travels to and from dataXchange) and at rest (while it is stored within dataXchange). Your files are encrypted during upload to and download from dataXchange using HTTPS. At rest, your files are encrypted using AES 256 encryption within Amazon S3 data centres.
Password Security
Passwords are not available to anyone but the intended user. In the event a password is forgotten, users can request a new auto-generated password.
- Password Format - Minimum 8 characters, alphanumeric with mixed case
- Authentication Throttling - After 3 unsuccessful password attempts, the account is locked out for 5 minutes
- Inactivity - After 60 minutes of inactivity, users are automatically logged out
- Browser Close - Users are automatically logged out when their web browser is closed
Minimisation
Users control, on upload, when files are deleted from dataXchange; however, files can also be deleted manually by users. Data cannot be stored for more than 60 days.
Additional User Security Tips
Additional measures can be taken by clients to keep data transfers as secure as possible, including:
- Encrypting your own data or using password-protected zip files, which is effectively double-encrypting
- Not sharing passwords
- Not using browser password remember functions
- Logging out of dataXchange when not in use
- Deleting files in dataXchange when they are no longer needed