Security Statement

Click Go Security Statement Revised 19th August 2015

Super Reliable Hosting at Rackspace UK

Click Go is hosted within the Rackspace UK infrastructure providing a backbone of complete resilience and support. The Rackspace data centres are accredited to PCI DSS, ISO27001, and ISAE 3402 Type II standards, ensuring Click Go is secured by the best processes and technologies available. Rackspace clients who also benefit from these highly secure cloud servers include NHS, Royal Navy, Sage and the Department of Transport.

Public Access

Public access to Rackspace data centres is strictly forbidden. They only host equipment that they own and manage themselves, obviating the need for anyone but their highly trained engineers to be allowed into the data centre. In addition, Rackspace employs a series of physical security measures, including:

  • Live video surveillance of each data centre facility, monitored 24 hours per day
  • Onsite security personnel monitor each site 24 hours per day
  • Biometric hand scanners restrict access to each data centre
  • A pass card system restricts movement from room to room within each data centre

Rackspace physical security measures are audited by an independent company. All physical system access is fully logged and tracked for auditing purposes, and all staff with access undergo a thorough background check in line with UK Government standards.

Network security

Network level security is provided by a dedicated Cisco firewall, managed by Rackspace. Rackspace have ISO 27001certification for their operational policies and procedures, and they are regularly reviewed as part of their SAS70 Type II/ISAE 3402 Type II audit. More information about Rackspace’s security certifications can be found at http://www.rackspace.co.uk/certifications.

Click Go staff access to our Rackspace network via VPN, and remote access is restricted to known IPs. All Click Go local machines have anti-virus, firewall and latest software patches. All sensitive data such as remote logins are encrypted.

System security

Our servers run a hardened OS, with security patches applied by Rackspace to provide on-going protection from exploits. We perform our own attack surface scans and application security configuration checks, running the same rules that Microsoft uses on its own servers. We also verify external security using OWasp tool, used to verify security vulnerabilities.

Application security

All access to the Click Go service is via HTTPS, ensuring all data exchanged with the server is encrypted to industry standard levels, as well as authenticating the server itself to the user. Further security options are also available in the form of client-side certificates that authenticate your identity with our servers. Our software has been rigorously tested against web application vulnerabilities such as cross-site scripting (XSS), cross-site request forgery (XSRF) and SQL injection.

Business continuity

We operate a daily incremental Rackspace Cloud Backup ensures the highest performance and reliability of our backups. Backup tapes are kept in storage devices in a separate location at the Rackspace data centre. Offsite backups are encrypted using AES256 Encryption for storing.

In the event of a critical failure, we can rapidly deploy an alternative installation for on-going compliance using our automated deployment systems. Rackspace can make full replacement hardware available within 1 hour should it be needed. In the event of data corruption or failure we would then work with Rackspace to restore customer data from backups.

If you have any questions or concerns regarding our privacy policies, please send us a detailed message through our support section at www.clickgo2.com. We will make every effort to resolve your concerns.

Click Go Limited registered in Scotland under company number SC503743. Our registered office address is: Space, 11 Harewood Road, Edinburgh, Scotland, EH16 4NT. Effective Date: August 19, 2015