RapidLEI platform security

RapidLEI adheres to the highest industry standards for security for acquired data, with strict controls around where is it processed, stored, transformed and archived for audit purposes.

Physical Security

• The RapidLEI platform is hosted in a United Kingdom Tier 3 Data Centre which is ISO 27001, PCI DSS certified and a UK National Cyber Security Centre (NCSC) ready environment.
• Physical security consists of 24×7 CCTV, perimeter fencing with anti-ram bollards and 24×7 on-site security personnel.
• Access to the Data Centre can only be obtained by pre-booking and on production of government issued photographic identification.
• Data Centre floor access is controlled via Biometrics and/or PAC card. To access the Data Centre area all personnel must also first pass through a “man trap”.

Cooling, Power & Fire Protection

• Data Centre cooling is continually monitored via temperature and humidity sensors to ensure the optimum temperature is maintained throughout the data halls.
• Power backup consists of a site wide battery-based UPS system with Backup Generators and on-site capacity for a minimum of 48 hours continuous running.
• In the event of prolonged failure of Grid Power, priority supply agreements are in place to provide fuel for the backup generators.
• UPS and Backup Generators are tested on a monthly basis.
• Fire protection is provided via ionisation and optical detectors in suites, roof cavities and sub-floors.
• A Highly Sensitive Smoke Detection (HSSD) System is also in place to detect fires before they flare.

Hosting Environment

• The RapidLEI platform is hosted on a fully redundant managed hosting platform.
• All elements of the RapidLEI platform servers, storage, network & security devices and applications are provided by industry leading tier 1 vendors.
• The RapidLEI platform has been designed from the outset to provide the highest levels of uptime, performance and security.

Security

• Multiple-layers of security are utilised, including endpoint protection, next generation firewalls & application firewalls with comprehensive reporting and monitoring. Products from multiple vendors are utilised in accordance with Best Practices.
• Data “in flight” to/from the RapidLEI servers is secured with 256-bit encryption, data at rest in on-site and off-site back-ups is also secured with 256-bit encryption.
• Access Control to vetting and validation data uses RBAC permissions allocated on the principles of least privilege.
• Terms of service contracts are Digitally Signed and timestamped

Data Protection

• The RapidLEI platform is backed up on a 15-minute basis to both a local on-site and remote off-site Data Centre.
• All backup data is encrypted using AES 256-bit encryption at both rest and in transit.
• An automated full system recovery is performed once every 24 hours to ensure the integrity of the backed-up data.
• In the event of a failure of the primary hosting systems or Data Centre environment, RapidLEI can be recovered in either the primary or secondary Data Centre to separate isolated recovery systems.
• Disaster Recovery processes are regularly tested and any improvements to the process implemented and then re-tested.

Third Party Accreditations

• RapidLEI is the marketing brand of Ubisecure Oy. Ubisecure Oy is GLEIF Accredited, and its Information Security Management System is ISO 27001 certified.
• The software development environment is ISO 9001:2015 certified.