Key Challenges Facing the Sector
Organisations in the Professional Services sector are highly regulated by government legislation and by their professional bodies. The regulation is for the protection of all parties concerned; clients, associates, employees and the organisations themselves. Accurate and comprehensive records need to be made and kept to ensure understanding and agreement by all parties. The information needs to be clear and unequivocal to be of use in dispute resolution. By their nature, such records contain highly sensitive information that must be stored safely and securely.
The introduction of electronic data into professional practices has delivered significant benefits in terms of record keeping and data processing but with it comes the potential of data breaches that are becoming all too prevalent.
Beyond the provision of technology to help improve the way you work, Qubic has a range of services that can help provide you with the layers of security and best practice to keep your information accessible and safe and meet the stringent compliance standards laid out by government and professional bodies.
Compliance & Standards
Each professional body may have slightly different standards but with regard to data, in essence they cover the same ground.
Cloud versus On-Premise
First, Qubic can design, install and support both Cloud and on-premise solutions but in most cases, recommend Cloud solutions for the Professional Services sector. We have met many organisations that have concerns about the security implications of hosting their data – in fact, hosting can provide many security advantages.
The Qubic Cloud
Qubic only uses Tier 3 or higher grade datacentres. These provide high levels of physical security. Site access is restricted to authorised personnel. There are layered security systems starting with fencing, bollards and mantraps. They have camera surveillance and permanent security guards and are now using biometric entry systems. These physical security measures are significantly higher than those of a normal office location.
In addition to these security measures, there are multiple power supplies, multiple circuits, fire suppression systems and environmental controls to keep the server running.
Connectivity to the Could
Qubic provides its range of Think Nexus Connectivity circuits from business broadband to enterprise grade Ethernet circuits. All of our Think Nexus Connectivity circuits go directly to the datacentre without crossing the public internet giving enhanced performance but more importantly, improved security. We can provide circuits across the UK to your offices, remote locations and to the homes of those who regularly need to connect to the system.
We can offer our M2M mobile connections that can provide secure remote connections via mobile that does not cross the public internet but goes straight to the Cloud.
Qubic is accredited to ISO 27001:2013. This is the latest information security standard that was published on the 25th September 2013. This standard was changed significantly from the 2005 version to extend the standard to include outsourcing. This standard means that you can trust Qubic to manage your information in a compliant way in terms of technology and human interaction with your data.
The standard has 114 controls in 14 groups and 35 control objectives;
- A.5: Information security policies (2 controls)
- A.6: Organization of information security (7 controls)
- A.7: Human resource security – (6 controls that are applied before, during, or after employment)
- A.8: Asset management (10 controls)
- A.9: Access control (14 controls)
- A.10: Cryptography (2 controls)
- A.11: Physical and environmental security (15 controls)
- A.12: Operations security (14 controls)
- A.13: Communications security (7 controls)
- A.14: System acquisition, development and maintenance (13 controls)
- A.15: Supplier relationships (5 controls)
- A.16: Information security incident management (7 controls)
- A.17: Information security aspects of business continuity management (4 controls)
- A.18: Compliance; with internal requirements, such as policies, and with external requirements, such as laws (8 controls)
Knowing that your data services company has this standard provides reassurance. Further, if your organisation has, or is in the process of gaining ISO 27001:2013 then having your data service managed by an accredited organisation is required.
Think Nexus Continuity
Think Nexus Continuity provides a series of proactive measures such as; 24/7 monitoring of your entire network, always applying the latest patches and upgrades, installing and updating anti-virus, content filtering and anti-malware measures. We always recommend and support a High-Availability design. We take and store incremental back-ups of the system and data files. We regularly make archive back-ups and will store them securely for as long as is required.
We provide a range of Think Nexus Telephony services designed to meet your specific needs. We provide a secure, compliant voice recording suite that can record every call made to and from the system. Using mobile apps, calls can be made and received through your phone system when using your mobile devices meaning that these calls are also recorded and stored.