Security Policy

Effective: 1 June 2021

LiveDiligence is hosted on Microsoft Azure, providing the infrastructure and security for our infrastructure, systems and data.

Organizational / personnel

  • All personnel sign confidentiality agreements. Access to code, data, and other information is strictly limited to employees that require access to be able to perform their day-to-day work.

  • Where available, all access to third party systems must be configured to require multi-factor authentication.

  • Third party systems where confidential information is handled must use some form of role-based access control or other forms of restricting access to roles or users.

  • Devices used by personnel to access confidential information must make use of LiveDiligence approved antivirus/antimalware protection.

Data protection & location

Commercial data is stored exclusively in datacenters in the U.K. and is encrypted at rest with 256-bit AES encryption while our data in transit is encrypted using the TLS 1.2 protocol with SHA-256.

Availability & redundancy

We are committed to make sure our services are highly-available. Our applications are deployed in N+1 configurations, our databases and database backups are geo-redundant and our file storage makes use of zone-redundant storage by keeping multiple copies of the data across multiple data centers so that we are able to continue operations even in the event of hardware failures, network or power outages, or natural disasters.

Prevention & monitoring

  • Our systems are continuously being updated and improved to minimize security risks.

  • We continuously monitor and scan our systems for irregularities, malicious software, and suspicious files, so that we can intervene as soon as any threats or problems are detected.

  • Periodic security assessments are done based on best practices and security guidelines to make sure our systems stay safe and our data protected.

Access to customer data

LiveDiligence personnel may only access customer data where we are processor of that data under the following conditions:

  • For the purpose of incident response, customer support, or disaster recovery.

  • For no longer than is required to fulfil the purpose of the access.

  • In an auditable manner.

  • if we are required by law to access such data.

Customer data is never used in development or test environments.

Access to customer data

Customer data is stored on Microsoft Azure Cloud and protected by industry leading, multi-layer physical security measures. https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security.

Incident management & Disaster Recovery

  • All employees are required to immediately report any potential security breach.

  • In the event of a security breach that affects customer data where we are processor, we will communicate with our customer (usually the controller) regarding the severity, scope, root cause, and resolution of the breach.

  • Our back-up policy describes what and how we back-up our data.

  • We carry out monthly testing of our disaster recovery process to ensure the continuity of our services and integrity of customer data.

SEPARATION

In case of personnel termination or resignation, all access to accounts, credentials, our systems and third-party systems will be immediately disabled.

This Security Policy may be updated from time-to-time and is subject to change at our discretion.

Ready for radically better due diligence?

LiveDiligence has already been used on over 170 transactions — we’d love you to join our growing community.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.