As a leading Cloud service provider, virtualDCS has contracts with organisations across Europe. These customers expect that we demonstrate the up-most professionalism in the security and privacy of our processes, and systems.
Specific, subsidiary Standard Operating Procedures are considered part of this information security policy and have equal standing.
This policy is authorised by the Board, and it is reviewed and updated when necessary.
Introduction virtualDCS is a provider of cloud computing services, specifically VMware-based products. We have designed, built, and maintained a ‘Virtual Platform’ that supports business computing in the UK and Europe. Our clients range from international retail chains, through to local micro businesses. To provide our services, we must collect, and process data.
To protect this data, we have implemented an Information Security Management System, that has been certified to ISO 27001:2013, by the British Standards Institute. Our management system is mature, and has been certified since 2015.
This policy describes our approach to information security and privacy, and acts as a reference document for our staff, customers, and the public.
Our Stakeholders
Our staff, customers, and the public expect the very best from our company on technological and procedural matters. They trust us to protect the confidentiality, integrity, and availability of their data and their virtual machines.
We have entered into multiple contractual agreements with customers, which specifically require us to maintain strict physical and information security. We also have legislative requirements under UK law.
Our stakeholders include: our staff; contractors; customers (including their customers and staff); our suppliers; our regulatory bodies (including UK and EU law enforcement, and UK administrative bodies); and our appointed auditors.
In addition to our contractual requirements, virtualDCS has a number of legal requirements placed upon it. These include (but are certainly not limited to): Data Protection Act 2018 (including the General Data Protection Regulations); Investigatory Powers Act 2016; Computer; Misuse Act 1990; Anti-terrorism, Crime and Security Act 2001; Police and Criminal Evidence Act 1984; Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations; and the Copyright, Designs and Patents Act 1988.
Our Information Security Management System
We have created an Information Security Management System, to structure our approach to security and governance. The scope of our ISMS, which has been certified to ISO 27001:2013, is: The provision of safe and secure virtual server hosting services.
Our ISMS aims to provide a safe and secure environment for customers to host their virtual servers. Included in our scope are: the Virtual Platform Domain (VP); the physical servers it is operating from; both virtualDCS data centre locations (Derby, Leeds); and the back-office technical and administrative functions necessary for the operation of our services.
All virtualDCS staff, contractors and 3rd parties are in scope of the ISMS and receive training appropriate to their role. Out of the scope of our ISMS are any assets used solely by customers and 3rd parties, such as a customer’s virtual machine.Where high levels of risk are identified, risk reduction or mitigation actions are documented and employed.
Proactive Security, and Commitment to Improvement
virtualDCS operates a ‘proactive’ security defence model. We have committed to continually improving the security and reliability of our platform: we own, control and when necessary, custom-build systems. We operate multi-zone environments to maximise uptime, redundancy, and to provide the fastest response time to customers. Our network architecture is designed to reduce single points of failure, and is constantly reviewed for best practice and compliance.
By approaching our platform architecture in this way, we can provide customers with the fastest and safest cloud environment.
Our platform is monitored 24x7x365 from our system centre, and by Pingdom. We monitor it for availability, reliability, and speed. A comprehensive external security testing programme is run every month to ensure that our service is secure from known exploits, new vulnerabilities, and targeted attacks.
Structured Approach to Managing Security
To ensure that we have a consistent approach to security and privacy for our stakeholders, we have created a number of Standard Operating Procedures that provide a formal process for our common tasks. These SOPs cover everything from User Passwords and Staff Vetting, through to Incident Response and Change Management. Our SOPs are reviewed at least annually, and are updated in line with industry standards.
Privacy
Our stakeholders quite rightly expect that we keep their personal and commercial information, private. We employ a robust information governance structure, as part of our ISMS. This structure controls how we collect, store, and process information.
Personal Information
To enable the effective operation of our business, we must collect, store, and process personal information. We have explained the legal justification for holding this information below:
Our staff and contractors
Personal information including full legal names, nicknames, date of birth, residential address, telephone numbers, email addresses, medical history, and sick leave details. We use this information to comply with our legal obligations as an employer.
Customers’ staff and contractors
Personal information such as full legal names, nicknames, email addresses, and telephone numbers. We use this information to fulfil our contractual obligations with our customers.
Former customers’ staff and contractors
Personal information such as full legal names, nicknames, email addresses, and telephone numbers. We use this information to comply with our legal and contractual obligations.
Business and product development
Personal information including full legal names, nicknames, email addresses, and telephone numbers. We use this information to conduct our legitimate business interest in offering our services for sale to other businesses.. As part of that sales process, we may approach individual data subjects, via email, telephone, and direct mail. We shall always action any request to stop processing that individual’s personal information, in addition to performing our other obligations as specified by the General Data Protection Regulations, and the Privacy and Electronic Communications Regulations.
Commercial Information
We must also collect, store, and process commercial information. This information includes technical diagrams, project plans, and other confidential commercial information. We hold this commercial data for the period specified in our customer and supplier contracts, and to comply with our legal obligations.
Access Requests and Security Reports
Individuals in the European Union have the right to request access to, the correction of, and deletion of their personal information. If an individual wishes to submit a subject access request, virtualDCS will respond to the request within 20 working days.
Supplier and Third-Party Applicability
virtualDCS requires its suppliers and associated third-parties to comply with this Policy. They must use appropriate policy and technical controls when accessing, transmitting, or storing our information assets. virtualDCS will audit supplier and third-party adherence to this policy from time to time.
Responsibility and Accountability
Overall accountability for information security and privacy rests with Richard May, on behalf of the company’s Board.
Responsibility for many functions relating to security and privacy has been assigned to operational teams, including:
System security
The technical team, led by our Operations Director, is responsible for ensuring that our systems are secure, and that they are designed and maintained according to our SOPs, and industry best practice. Information governance, compliance, and standards
virtualDCS has contracted an independent consultant, who advises the company’s Board on governance, standards, and compliance issue. This consultant also maintains the ISMS documentation.
Information and document management
The administration team is responsible for managing the company’s documentation library, across its computing and physical estate.
All virtualDCS staff are assigned some responsibility for information security and privacy, according to our Standard Operating Procedures. Each member of our team must ensure they are familiar with their responsibilities, and act accordingly.
Independent Audit
To ensure that we’re meeting our obligations, and to provide our stakeholders with independent assurance of our performance, the British Standards Institute performs regular audits our Information Security Management System. These audits provide us with actionable feedback on our system, and enable us to continually improve our security and privacy.
Cookie Policy for virtualDCS
What Are Cookies
As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the sites functionality.
How We Use Cookies
We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.
Disabling Cookies
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site.
The Cookies We Set:
Forms related cookies
When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence, passing them through to our sales team.
Site preferences cookies
In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.
Third Party Cookies
In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the site for you. From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
As we sell products it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
Several partners advertise on our behalf and affiliate tracking cookies simply allow us to see if our customers have come to the site through one of our partner sites so that we can credit them appropriately and where applicable allow our affiliate partners to provide any bonus that they may provide you for making a purchase.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Facebook, LinkedIn, Twitter and YouTube, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
virtualDCS currently uses Lead Forensics software to track visitor actions on the website and may contact you regarding the services we offer from the third-party information they provide.
More Information
If you are still looking for more information then you can contact us at [email protected]