DATA SECURITY
We are engaged in providing trusted outsourcing accounting services at incredible prices to solve your issues on the growth of your business. When you outsource your business services and get the work done from a faraway place, it should be in the right hands and there must be enough protection to safeguard your data. Naturally you have to be concerned about the privacy of your data.
The protection of your data is the single most important factor in our business. We are aware of your concerns and the data security regulations. That is why we take every possible care to guarantee absolute confidentiality of your data and your 100% peace of mind.
First of all, we are a UK limited company with offices in London and we adhere to data protection and confidentiality regulations in the UK. Let us look at some of the security measures we use.
Office Security
-
Full-time security guards at our offices
-
Disaster recovery plans to ensure uninterrupted service for all our offices
-
Bio-metric fingerprint reader system to restrict access
-
Disaster recovery procedures in all our offices, backing up all your data to secure servers in USA & Europe
-
CCTV overlooking all computer stations
Systems & Servers Security
​​
-
Online file transfer system with 256-bit encryption.
-
No printers, USB pen drives and CD/DVDs in the office
-
All our systems are access restricted by multiple levels of password protection
-
Our high security servers are managed from data centers in the USA & Europe
-
Activity monitoring software is installed in all our computers
Staff Security
-
Online file transfer system with 256-bit encryption.
-
Independent security clearance for every staff employee.
-
NDA (Non-disclosure agreement) signed by every staff member
-
Screening before employment
-
Extensive data confidentially training
As you can see, we have comprehensive data security measures to ensure the protection of your data. Periodically we carry out complete security audits to ensure our standards are continually maintained. When you decide to outsource your bookkeeping to us, you can be assured that you will get the highest possible security for your data.
GDPR Compliance
GDPR Compliance (EU General Data Protection Regulation)
On 25 May 2018, the GDPR (General Data Protection Regulation) came into force. This new data protection regulation affects all businesses that operate in Europe and handle personal data, in any sector and regardless of their country of origin. Companies will have to be transparent about how they collect, process, and keep this data.
​
GDPR brings data protection law into line with technological developments which have impacted on the way organisations and consumers interact.
Amber Business Solutions carefully considers the protection of all personal data that flows into and outside our organisation and we have substantially invested on all areas in preparing for the implementation of the new data protection regime. We respect the need for us to process our customer’s data and keep it secure in accordance with the GDPR rules. We understand our role as both data controller and data processor depending on the way personal data is made available to us.
Data protection act and GDPR compliance
Many of the GDPR’s main concepts and principles are much the same as those in the UK data protection act to which Amber strictly adheres to. Our approach to data protection and compliance will remain valid under the new GDPR regulations.
The GDPR builds on the existing data protection regime by introducing new aspects such as the accountability principle, increased rights for data subjects, direct obligations on data processors and new rules around data breach notifications.
Although the key principles of data protection still hold true to the previous directive, some changes have been made to the regulatory policies. The key points and differentiating factors of the GDPR directive are
​
-
Secure storage and handling of data
-
Right to be informed
-
Right to delete information
-
Limit the purpose of your information
-
Consent
Secure data storage and handling
We have taken extensive steps to protect and handle your information. The following are the various points that we have undertaken to ensure the security of your data.
​
Physical and Environmental Controls
​
-
24/7 security guards at our building
-
Finger print scanner access doors to prevent entry of un-authorized personnel
-
Computing equipment in access-controlled areas
-
Humidity and temperature control with alarm placed in server rooms
-
Diesel generators power back up with on-site diesel fuel storage
​
Operational Security Controls
​
-
High-end firewall gateway which provides security, web control, and application control.
-
Symantec end point protection is used to prevent, detect, and eradicate malware along with device control.
-
Connected to the Internet from multiple Internet Service Providers served from multiple telecommunication provider Points of Presence.
-
Information Security staff monitors notification from various internal systems.
-
Active Directory Authentication is used for User access control and network access.
-
Restricted Internet access
-
Our high security servers are managed from USA & Europe data centers
-
No removable drives (CD/DVD) in the operations floor
-
Activity monitoring software is installed in all our computers
-
All our systems are access restricted by multiple levels of password protection
-
No printers, USB based pen devices and DVD/CD drives on the work floor
-
Computer networks are safe guarded by many levels of software
-
Your information is used only to process the tasks that you have assigned to our staff
​
Human Resources
​
-
NDA (Non-disclosure agreement) signed by every staff member
-
Independent screening and background checks before employment
-
Extensive data confidentiality training as per ISO 27001 standards
-
No mobile phones are allowed inside offices and kept in lockers outside
​
Right to be informed
-
The information that you provide for processing and completing your work tasks will only be used by Integra and its operations branch in India
-
This information will be used by our staff who will perform the project tasks assigned and agreed upon by both parties
-
Your information will not be shared with any third-party companies
Right to delete information
-
You can also choose to delete your process/project data whenever during the period you are using our services.
-
This information will only be stored as long as you are a client of ours and will be deleted when you stop using our services.
Limiting the purpose of your information
-
Your project/task information will only be used to perform the tasks that you have agreed to send to us and have signed an agreement with us on.
Consent
-
Our service agreement clearly states in which of our offices your projects tasks will be processed, and data will be handled. You are given the option to agree to this or not.
-
In addition to the standard service agreement, we will also provide you with a detailed data processing agreement compliant to GDPR
-
You can withdraw the consent to any of this agreement, whenever you chose to