A Secure and Trusted Partner

When you’re sharing employee data and other potentially sensitive information with people outside of your organisation, you want to know that it’s processed and stored securely.

At Ellis Whittam, we take a stringent approach to data privacy and have robust systems in place to ensure confidentiality, integrity and availability.

Get your FREE consultation

Submit your details and one of our team will be in touch.

Application security

Encryption

All our web portals use HTTPS encryption, which means connections between you and our portal are protected using the latest TLS encryption.

Web firewalls

Our firewalls and DDoS attack prevention technologies defend against application attacks such as SQL injection, cross-site scripting attacks and session hijacks. Our firewalls handle threats identified by the Open Web Security Project common vulnerabilities.

Cloud

Data centre and hosting

Our applications are hosted within Microsoft Azure cloud services. Microsoft Azure provides ISO 27001 HIPAA, FedRAMP, SOC 1 and SOC 2 certifications. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.

Patch management

Our patch management process ensures that all our machines and workstations are quickly updated with the latest security fixes. We run regular auditing of our infrastructure and devices.

Penetration testing

We undertake penetration testing on all our applications and external infrastructure regularly to identify potential vulnerabilities.

Data privacy

Your data will be securely stored in our applications and ring-fenced from other customers’ data.

We use application roles to ensure only the appropriate departments have access. 

We store your data within the UK and will never transfer your data outside the UK without permission. 

Our standard retention policy is seven years and we only keep the data we need to fulfil our service.

Data security is of great importance to us at Ellis Whittam and we have the appropriate data safeguards and procedures in place to protect your data.