What if CertNudge ever suffers a data breach?
We take security extremely seriously. In the unlikely event of a data breach, we have a clear response plan focused on swift action, transparency, and compliance with UK GDPR and ICO requirements.
Our Immediate Response Plan
Notify Authorities
We will notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of a breach, as required by law.
Notify Affected Users
We will directly notify all affected users via email, providing clear details about the nature of the breach, the potential impact, and recommended actions.
Secure Accounts
As a precaution, we will likely enforce a mandatory password reset for all user accounts, so that any credentials exposed in the breach can no longer be used.
Transparency Report
Commitment to Transparency
Following the resolution of any significant incident, we are committed to publishing a clear, non-technical report. This report will summarise what happened, the containment measures taken, and the steps implemented to prevent recurrence. Building and maintaining your trust is paramount.
How We Reduce Breach Risk
Ongoing Security Measures
We employ multiple layers of security to protect your data proactively:
- Encryption: Data is encrypted both 'at rest' (in storage) using AES-256 and 'in transit' (over the internet) using TLS.
- Secure Hosting: Utilising Microsoft Azure's enterprise-grade, UK-based infrastructure.
- Access Controls: Strict role-based access controls and auditing for internal staff.
- Patch Management: Regularly updating all software dependencies and server environments.
- Strong Password Policies: Passwords are stored only as secure hashes, never in plain text, as standard.
- 2FA Option: Two-Factor Authentication is available for all users to enhance login security.
Enhance Your Own Security
Recommended Steps
You can further enhance your account security by enabling Two-Factor Authentication (2FA) in your Profile settings. We highly recommend this for all users.