Effective use of data is not only important to our customers - it’s also critical to us as a business.
We work with a team of specialists to ensure we can provide our customers the assurance they need that their data and information is safe and secure. We continually work towards operational excellence and meeting ISO 27001 security standards.
We have the best practice controls in place to protect your data.
We offer transparency about how we do business.
We work with independent advisers, consultants and auditors to ensure we meet the ISO standards.
We run external security audits run on a quarterly basis.
gather360 stores passwords using the bcrypt hashing function and allows 2FA (two-factor authentication).
gather360 services and data are hosted in Microsoft Azure facilities in the EU.
The gather360 platform and associated services were built with disaster recovery in mind our data is hosted across multiple regions in the EU which ensures business continuity with minimal downtime.
gather360 have backup policies and procedures in place for datastores that contain customer data.
Access to customer data is limited to authorized employees who require it for their job.
gather360 has 2-factor authentication (2FA) and strong password policies across all its utilities.
gather360 is served 100% over HTTPS using 256-bit encryption.
Our API and application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs‘ tests.
gather360 has procedures in place for security events which includes escalation procedures, rapid mitigation and post mortem.
We have an appointed Data Protection Officer to oversee and advise on our data management
All employees complete Security and Awareness training annually.
gather360 has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
gather360 performs background checks on all new employees in accordance with local laws.
All employee contracts include a confidentiality agreement.