DATA SECURITY FOR DIGITAL MARKETING

Does Zymplify encrypt data in transit?

The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.0, 1.1, 1.2), a strong key exchange (ECDHE_RSA with P-256), a strong cipher (AES_128_GCM) and 2,048-bit keys.

Is Zymplify protected by a firewall?

Yes. Config Server Firewall (or CSF) is an advanced firewall for Linux distributions and Linux based VPS. In addition to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login/intrusion/flood detections etc.

Building

• Four-floor building
• Approximately 250m² of hosting space (ground floor)
• Loading/delivery docking area
• Equipment scissor lift (2m x 1.4m)
• BMS monitoring system monitored by Tagadab Support
• 24 x 7 environmental monitoring systems & power monitoring
• A regular and meticulous maintenance schedule on all Data Centre infrastructure

Room

• Heavy duty raised floor
• Raised floor (height – 0.5m)
• Door width (Minimum width 1.1m - loading bay, all other doors are 1.4m)
• Door height (2.15m)
• Roof height (excluding raised floor) - 2.45m
• Anti-Static tiles with earthing straps attached to every under floor support

Climate

• Average supply temperature: 22°C/72°F ± 2°C
• Regulated humidity
• 2N cooling infrastructure
• N+1 computer room air conditioning (CRAC) units with up to 90kW capacity
• N+1 Chillers installed away from all client areas and fed via dedicated risers
• Moisture detection sensors

Power

• 720kVA – Building power feed
• 2N Power distribution to PDU’s
• Diesel driven generator with 3 days run time at full load
• 625 kVA Generator
• 200 kVA UPS with static and maintenance bypass
• Voltage and frequency – 415/240v 50Hz
• Each cabinet has 2x IEC309 commando sockets positioned under the raised floor
• Standard power distribution within cabinets (PDU’s) is supplied as 12x C13 and 4x C19 sockets
• Up to 7.5kW power supply per rack
• 32A MCCB’s within PDU’s

Security

• Only authorised staff and registered customers are allowed on-site
• Security zones using Smart-card access
• Logging of all entries
• Internal and external CCTV monitored in a security reception
• 24 x 7 x 365 Security & monitoring

Cabling and Connectivity

• Power cabling under raised floor
• Data cabling overhead
• CAT 6 structured cabling
• Scalable architecture including multiple redundant core switches and routers
• Access to distinct fibre providers including: BT and Virgin

Fire Suppression

• Gas fire extinguishing system
• Very early smoke detection alert (VESDA)
• Fire-retarding walls
• Automatic smoke detection throughout Data Centre
• Argon fire suppression system
• Regular testing and evaluation of all systems

Penetration Testing & Vulnerability Testing

Zymplify bring in industry respected 3rd party penetration testing firms once a year to carry out full penetration testing on our products. The latest penetration test was carried out in June 2017 by Info-Assure who are certified CREST security testers. We have stringent internal audit procedures to ensure compliance with the data protection act. Our development team carry out vulnerability testing on an ongoing basis to identify and quickly respond to flaws.

Backups

We take full back-ups of the database 4 times per day to ensure that up to date and accurate data is available for restore in the case of disaster recovery. In addition our data centre has full disaster recovery procedures in place in line with ISO 9001 and take regular back-ups of the data on a daily basis.

Zymplify are committed to ensuring that all data processing is carried out in line with the General Data Protection Regulation (GDPR).

We are committed to Data Protection by Design and Default and we continue to develop features which will assist companies in ensuring that their marketing campaigns comply with the GDPR.

The steps we have taken include but are not limited to:

• Development of pre-built cookie templates with clear opt out instructions for individuals
• Development of pre-built privacy statement templates
• Restrictions on SMS and Email sends via the dashboard to individuals who have opted out of such communications
• Centralised single customer view with full audit trail of all correspondence and touchpoints
• Opt in/Opt out traceability included within the single customer view including the source and date of receipt of consent

Our Data Protection Officer (Michael Green) has completed the EU GDPR Practitioner Certification (ISO 17024-accredited) and is on hand to answer any GDPR related queries, please get in touch via dpo@zymplify.com