Data security at Fair Finance
We take protecting our clients’ data seriously. There are a number of steps that we use to ensure that everything that you share with us is secure and is held in the strictest of confidence. Some of the measures that we have in place are:
- 1) We’re Cyber Essentials Certified
- 2) Our website uses SSL Certificates to encrypt information you share with us
- 3) Our application form is powered and hosted by Microsoft, with a large array of security measures in place
- 4) Our My Account portal is powered and hosted by Anchor Computer Systems Ltd, a certified ISO27001 (Information Security Management) organisation.
- 6) All of our staff undergo data protection training each year
If you’re worried about your own cyber security, we recommend that you visit get safe online for lots of useful tips and advice.
Here’s a bit more about the technical measures we have in place to protect your data:
To ensure that we maintain internal security we have attained a Cyber Essentials certificate.
Cyber Essentials is a simple but effective Government backed scheme that aims to protect organisations, whatever their size, against a whole range of the most common cyber attacks. Certification gives you peace of mind that our defences will protect your data against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.
For more information on Cyber Essentials visit cyberessentials.ncsc.gov.uk
We have officially registered SSL Certificates attached to all pages on our website and application form.What is a Security Certificate?
When you go to a site that uses HTTPS (connection security), the website uses a certificate to prove the website's identity to browsers. To help you stay safe on the web, browsers require websites to use certificates from trusted organisations.What is HTTPS?
The main function of HTTPS is the authentication of an accessed website and the privacy of exchanged data. The encryption of communications between a user and a website protects against eavesdropping and tampering of the communications. In practice, this provides a reasonable confidence that you are communicating without interference by attackers with the website that you intended to communicate with, as opposed to an impostor.How can you check for a security certificate?
You can check whether a website has a valid security certificate by looking for the padlock as shown in the below image.
As well as the padlock you may see some other icons. These symbols let you know how safe it is to visit and use a site. They tell you if a site has a security certificate, if the browser trusts that certificate, and if the browser has a private connection with a site.
What each icon means:
Secure: Information you send or receive through the site is private.
The site isn't using a private connection. Someone might be able to see or change the information you send or receive through this site.
On some sites, you can visit a more secure version of the page:
- 1. Select the address bar.
- 2. Delete http://, and enter https:// instead
/ It is recommended that you don't enter any private or personal information on this page. If possible, don't use the site. Something is severely wrong with the privacy of this site’s connection. If you see a full-page red warning screen, the site has been flagged as unsafe
Microsoft hosted application form
We use a system called Microsoft Dynamics 365 to process applications and review cases. The following are some of the steps that Microsoft takes to ensure that data is held securely:
- • Dynamics 365 uses encryption to protect your data. Connections established between Fair Finance and Microsoft datacenters are encrypted, and public endpoints are secured using industry-standard Security.
- • Microsoft provide each organization using Dynamics 365 with its own logically isolated data repository to maximize the security and integrity of your data.
- • Dynamics 365 leverages the Microsoft Cyber Defense Operations Center (CDOC), which brings together security response experts from across the company to help protect, detect and respond 24x7 to security threats against our infrastructure and services in real-time.
- • For more information on Dynamics 365 security visit www.microsoft.com/en-us/trustcenter/security/dynamics365-security
My Account Portal
The My Account portal is hosted by Anchor Computer Systems Ltd. Anchor Computer Systems Ltd is ISO27001 certified, meaning they meet internationally agreed standards on information security management. Its best-practice approach helps organisations manage their information security by addressing people and processes as well as technology.
Certification to the Standard is independently accredited and recognised around the world as an indication that an organisation’s information security management is aligned with information security best practice.
This includes robust on-going measures to identify and address security risks including information security risk assessments and frequent penetration testing, a wide range of controls and plans to ensure information security across the organisation, continual review and improvement of information security management and a regular audit programme.
The My Account portal does not store personal data of any kind and communications between the portal and the underlying data store are all encrypted by HTTPS.