Security Policy

 
 

Data Centre Security

Pyro.Solutions products are hosted on Amazon Web Services (AWS), a global leader in Infrastructure as a Service (IaaS). Amazon take physical and network security very seriously. Their data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times.

Amazon maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. Their reports can be found on the AWS Compliance website and you can read more about the specifics of their approach at https://aws.amazon.com/security/.

Data Encryption In Transit & At Rest

Pyro.Solutions supports the latest recommended secure protocols to encrypt data in transit and at rest. We work hard to maintain best practices for encryption and disable support for older encryption standards that are no longer considered strong.

Access Control

Our team do not have access to login to your account. We have strict levels of authorisation in place. We run two factor authentication for all critical elements of our service. 

Assistance & Diagnostics

On rare occasions, it may be that we can better assist in investigating a problem for you, we may be able to access some part of your data in readable form. We would always ask your permission before taking this action and the process requires authorization and co-ordination across multiple personal and security layers internally.

Internal Controls

Keeping systems safe is part of our daily life at Pyro.Solutions. We have strict internal processes to keep our team and their kit safe, to protect our assets, and to limit access to sensitive systems and infrastructure to key staff on a needs-only basis.

Monitoring 

Our monitoring alerts us to any trouble and we have staff on-call at all times to quickly resolve unexpected incidents. We monitor security advisories and other security community output closely. We work promptly to upgrade the service to respond to potential new threats and vulnerabilities as they are discovered. We work with specialists on a regular basis to undertake systems penetration testing and source code reviews.

Training

All staff are required to adhere to ‘UK GDPR’ and ‘DPA 2018’ and maintain their knowledge to a high standard through training and events.

Deletion

We retain data for as long as required to provide the Services to you. Where data is transferred to us, it is deleted upon the satisfactory completion and acknowledgement of the Service by the client. Any data uploaded to our platforms that are deleted by the user is immediately deleted, no element remains or backups created. 

Contact Us

For concerns that are urgent or sensitive, please email us on our sensitive support channel team@pyro.solutions so that it can be handled promptly.