Security

We at Handstand are committed to the security of information. This page provides a high-level overview of our Information Security practices and is provided on our website for informational purposes to our customers and prospective customers.
Handstand understands that the confidentiality, integrity, and availability of our customers’ information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes to meet the growing demands and challenges of security.


We adopt a risk-based approach to Information Security to help us define the value of information and deploy adequate security measures.

Risk Based


Audited

We have implemented an independently audited and certified Information Security Management System on the International Standard ISO 27001 https://handstand.co.uk/certification/


Often default settings are the least secure so, without exception, all infrastructure, systems and services manged by Handstand are implemented to our Secure Configuration Standards which are reviewed on an ongoing basis.

No Defaults


Controls

We deploy layers of security controls to help combat loss of information such as encryption, mobile device management, email protection, phishing prevention and other security software. All these tried and tested solutions are available to our customers to help them combat cybercrime.


Humans are considered to be the weakest link in security. All Handstand staff are provided ongoing awareness training to ensure their knowledge of security is integrated into their skillset. We use a ‘need to know’ approach to ensure that access to specific data is limited to only that which is required to perform their job role. Our staff are independently checked for criminal records, poor credit history and the legal right to work.

Our Staff


Our Suppliers

Don’t forget that data breaches can also be the fault of the partners and vendors we work with. Handstand only chose suppliers with a similar standard to security and that, preferably, are certified to ISO 27001.


At the end of the lifecycle of infrastructure, systems and services managed by Handstand are entirely and irrecoverably destroyed.

Information Disposal


Contact

For any specific incident notifications, questions or supplier audit requests please contact: [email protected].