Clients and potential clients often ask how and where we host our data. The information below gives a high-level overview of our arrangements. 

It is worth mentioning though that whilst we take our security very seriously, our primary defence is that fundamentally the client data hosted by Passle is publicly available. Data is given to us in order that we share it. 

Data Security

• All of our data is stored on Amazon Web Services (AWS). AWS is ISO 27001 certified, which is a widely-recognized international security standard which requires the following best practises to be adhered to:
• Systematically evaluate information security risks, taking into account the impact of company threats and vulnerabilitiesDesign and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
• Adopt an overarching management process to ensure that the information security controls meet information security needs on an ongoing basis 

Our architecture is designed such that the web servers are in the same AWS region as the databases with which they are communicating, which means all communication is over the AWS internal network. AWS provides a good deal of network security infrastructure to isolate tenants, which prevents “sniffing” of traffic sent between the web servers and the databases. 

Encryption

All data submitted to Passle.net is encrypted in transit using HTTPS. Passwords are permanently encrypted at the earliest opportunity before being saved to the database.  

Data access

Access to user information is only granted to employees who require it in order for us to provide the service that we provide. There is no access to passwords for anyone, including Passle employees. We do not hold any sensitive or confidential personal data, almost all of the data which our users store in their Passle account is information that is intended to be shared publicly. 

Security strategy

Passle's security arrangements are reviewed regularly at management meetings, and when applicable changes are made to ensure our security strategy is robust and up to date.