Phase 3 follow the best practice highlighted in the Cyber Essentials and ISO 27001 frameworks. Our internal processes ensure that data is handled with great care, given the highly confidential nature of the data we process. Our team are regularly trained and updated on cyber security, and our processes rely on Microsoft and SFTP for the transfer of data, depending on the client’s preference. All of our teams have complex passwords, two-factor authentication and regular updates on passwords.
Additionally, our supply chain management process ensures that any supplier of Phase 3 software or services adheres to the same level of standards that we expect. In particular, with our cloud-based payroll software, our suppliers are regularly audited by Phase 3 and external auditors to ensure their data security practices and controls are robust, and penetration testing is carried out regularly and the reporting reviewed.
We are aware that the point of file transfer is a common vulnerability if not managed correctly. Our teams utilise Microsoft Azure Guest Access to grant access to a named shared folder within our network and create users with two-factor authentication to share data. Once shared, the data is removed from the shared files.
For clients who prefer SFTP transfer, we have SFTP sites created to share data, which again is wiped following the transfer of the data to reduce the potential for unauthorised access.
Phase 3 also have a detailed Cyber Attack Response plan and a supplier to assist with a security incident response plan should the worst ever happen.