Data Security – BHBIA website and email systems


Website:

The website is designed, produced and managed for us by HMA Digital Marketing. The website and the data held within it are currently hosted in Scotland by a company that holds an ISO 27001:2013 certification.

Key security features of the datacentre:

Security - Physical

  • Manned by dedicated 24/7 SIA (Security Industry Authority) qualified security personnel. 
  • 24/7 manned reception with internal data centre patrols. 
  • Continually monitored state-of-the-art CCTV system covering internal, perimeter and neighbouring areas of the data centre. 
  • Access to the data centre is through industry standard two-factor authentication. 
  • Intruder alarms. 

Security – Technical 

  • Proactively monitoring core systems on a 24/7 basis with an enterprise class monitoring system. 
  • Secure and highly available network design using enterprise class Cisco equipment. 
  • Fully redundant carrier grade Juniper routing platform. 
  • Active, ongoing programme of risk management, security incident management and security audit. 
  • Direct connections to Tier-1 networks such as Global Crossing, Level(3), Abovenet and Tinet. 
  • On-site technical team. 
  • Our own Gigabit connectivity on LINX. 

Security against fire

  • VESDA fire detection continuously sampling the air for smoke particles. 
  • FM2000 suppression system. 

Emails

We use three different ways to send emails:

1. Automatic notifications - from the website itself. 

2. Direct communication on specific issues related to your membership or other transactional purposes - from the BHBIA admin team via secure email systems managed by Kingston Smith Association Management, our administration company. 

3. Marketing and information communications – via our email management system (EMS) which is linked to the website. The EMS is run by Campaign Monitor, who are sub-contracted to HMA, our website provider. Campaign Monitor is one of the leading providers, and provides services for many major UK organisations. 

  • For the EMS, all data is stored in a US-based data centre. In addition, multiple data processing locations are used, including the USA, Australia and Germany. An external content delivery network is also used for content caching. 
  • Campaign Monitor have provided assurances, via our website provider, HMA, that they are GDPR compliant – all data processing activities that involve the collection, treatment and safeguarding of personal data are documented, and they have processes in place to meet requests from subscribers under GDPR obligations – for example, deleting subscriber data. They have removed any features that don’t meet GDPR regulations and have data processing agreements with all their sub-processors.