Our Infrastructure

You will want to be assured that your data is safe; so we have taken steps to secure your data, such as regular independent penetration testing. We also work with a large number of Local Authorities on their SEND Services and have passed many sets of security assessments.

To ensure your protection, we comply fully with the UK GDPR (Jan 2021) incorporating DPA 2018; Charitylog is accredited to ISO27001 Information Security Standard and is registered with the Information Commissioners Office. Similarly we have Cyber Essentials Plus accreditation, which is reviewed and audited annually.

We are also accredited to ISO9001 International Quality Management Standard.

  • Thawte logo
  • Cyber Essentials Plus logo
  • ISO 9001 logo
  • ISO 27001 logo

In addition, Charitylog is fully web based, which means that no information is held on your local computers, servers and laptops. The data is held in a highly secure data centre in the UK operated by AWS and Rackspace, both of whom are also accredited to ISO27001 Information Security Standard.

As the information is never stored on your premises you are also protected from losses through fire, flooding, burglary or equipment breakdown.

Each piece of information is accessed through rigorous security systems which make sure only the right people get to see each piece of information. You can control which items of data can be seen by which users - a fundamental requirement when meeting your GDPR* compliance standards.

When accessing Charitylog, you do so using SSL, the standard encryption process which protects data in transmission from the server to your computer.

For more information about how you can control access to data in the CRM, see User Security.

* GDPR: UK GDPR (Jan 2021) incorporating DPA 2018