Confidence comes as standard
2 Factor Authentication
All opexo customers are provided with 2 factor authentication (2FA) for passwords as standard. All of our staff operate with 2FA on (where offered) in their day-to-day work on the opexo service.
2FA is essentially an additional layer of security that wraps around passwords, usernames, logins and online security. In a nutshell, it ensures confidentiality by making sure you are who you say you are when you log into an online account.
2FA works by requiring the user to enter more details than a simple username and password. These details come in the form of an additional piece of information that only that user will have. This is often a physical hardware token, like a fob or card reader you might receive from your bank, or SMS messages and email codes. More recently though, we have seen digital versions of 2 step verification, like the Google Authenticator, which generates a unique key via an app.
UKAS Certified ISO 27001
Alliantist, the organisation behind opexo, is UKAS certified for ISO 27001: 2013, (registration number IMS UK/01/1024328520). That scope covers our whole organisation, the people in it and our services including opexo.
In terms of the supply chain, our data centre partners are also world class and have the same or equivalent accreditations too. Data is stored in UK datacentres. Other suppliers that need to, also have their own certified ISMS or follow our policies and controls.
The platform undergoes a penetration test at least once a year in line with CHECK testing standards. The platform also has further tests whenever there is a material change.
A penetration test, or pen test, is a simulated attack on a computer system. This test is carried out by an authorised third party company in order to ensure that the platform can withstand a real-life security threat.
In the unlikely event that things go wrong, you can be confident that we have taken out all of the necessary insurances including, Professional Indemnity for Technology Companies, Public and Products Liability, Employers’ Liability, as well as Cyber and Data Crisis Containment.
The organisation has achieved Cyber Essentials certification in line with the IASME standard.
GDPR & the Data Protection Act 2018
We are compliant with the General Data Protection Regulations, which demonstrates that we handle personal data responsibly and in accordance with the law.
The GDPR updates the Data Protection Act and is regulated by the Information Commissioner’s office. GDPR gives greater power to the consumer over the circumstances of the collection of their personal data, and what happens to it after that.
Pan UK Government Accreditation and PSN Certification
Alliantist, the organisation behind opexo, also delivers services to meet high levels of information security which means our overall practices go beyond the scope of ISO 27001. In fact, Alliantist was the only supplier of its type that achieved Pan UK Government Accreditation for its government clients when that was required for early GCloud frameworks. We still work to those high standards and hold PSN Certification.
We have also met the requirements for the original HMG Security Policy Framework and the related policies and controls as part of the pan-government accreditation of another product in the Alliantist suite, the pam platform and ISMS.online. These include undertaking Baseline Personnel Security Standard (BPSS) checks and other vetting on new hires in addition to the other UKAS certified ISO 27001:2013.