Our Security Policy

What this policy is about

We take your security seriously and are committed to ensuring that your information is secure.
This security policy sets out how Process Policy Ltd ("Process Policy" or "we") secures the data you submit when you use this website.

Security measures

In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Process Policy utilizes some of the most advanced technology for Internet security available today.

SSL

When you access our site using industry standard Secure Socket Layer (SSL) technology, your information is protected using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered users in your organization.

Credentials

Process Policy provides each user in your organization with a unique user name and password that must be entered each time a user logs on.
Your data is completely inaccessible to your competitors.

Encryption

Process Policy uses an high standard Cryptographic Service Provider to encrypt important data.
A cryptographic service provider (CSP) contains implementations of cryptographic standards and algorithms.

Hosting

Process Policy is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders.

Cookies

Process Policy does not use "cookies" to store confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.

Security Audit

Process Policy runs periodic security checks on our servers to ensure there are no security breaches.
Some of the checks that are run include:

Web Server Configuration Checks

  • Dangerous HTTP methods on the web server
  • Vulnerable Web Servers
  • Vulnerable Web Server Technologies
  • Verify Web Server Technologies
  • Weak SSL Cyphers

Parameter Manipulation Checks

  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL Injection
  • Code Execution
  • Directory Traversal
  • HTTP Parameter Pollution
  • XPath Injection
  • Path Disclosure
  • LDAP Injection
  • Cookie Manipulation
  • URL redirection
  • Remote XSL inclusion
  • File Inclusion
  • Script Source Code Disclosure
  • CRLF Injection
  • Cross Frame Scripting (XFS)
  • DOM XSS
  • MultiRequest Parameter Manipulation
  • Blind SQL/XPath Injection
  • Input Validation
  • Buffer Overflows
  • Sub-Domain Scanning

Directory and Files

  • Backup Files or Directories
  • Cross Site Scripting in URI
  • Unrestricted File uploads
  • Script Errors
  • Common File search
  • Sensitive Files/Directories
  • Directories with Weak Permissions
  • Cross Site Scripting in Path and PHPSESSID Session Fixation.
  • Web Applications
  • HTTP Verb Tampering

Weak Passwords

  • Weak HTTP Passwords
  • Authentication attacks
  • Weak FTP passwords

Text Search

  • Directory Listings
  • Source Code Disclosure
  • Local Path Disclosure
  • Error Messages
  • Trojan Shell Scripts
  • Common Files
  • Email Addresses
  • Microsoft Office Possible Sensitive Information

Controlling your data

You may choose to restrict the collection or delete submitted information by contacting our support team or writing to us using the address below.

About Us

We are a limited company registered in England and Wales under company number 08093889.
Our registered office is at 14 Willoughby road, NW3 1SA, London, United Kingdom.
Please see our company page for more information about us.
Regulated by the Information Commissioner's Office in the United Kingdom.

Last Updated

Last updated: 29 July 2012
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.