Security statement
Hosting
Sorted applications run on fully-managed virtual private servers as well as fully-managed container orchestration platforms. Sorted use providers in the following regions:
- Ireland: Microsoft Azure
- Netherlands: Microsoft Azure
- Ireland: Amazon Web Services
All hosting platforms are certified for or compliant with relevant certifications (ISO27001, ISO9001) and/or national or international standards.
Our servers are patched according to a defined standard and remediation timescales corresponding to the severity of identified vulnerabilities.
Sorted has no physical access to any hosting provider data centres.
All data is backed up in real-time.
Physical security
Sorted’s information systems and technical infrastructure are hosted within world-class data centres with extensive layers of protection. All data centres have extensive security controls including 24×7 monitoring, cameras, visitor logs and restricted entry. Sorted do not have physical access to any provider data centres.
Security policies
Sorted maintains its security policies and reviews and updates them on at least an annual basis. Policies include Computer Security Incident Management, Configuration Management, Home and Mobile Working, Incident Support, Information Risk Management, Malware Prevention, Metrics, Monitoring, Network, Patch Management, Secure Configuration, User Education and Awareness, and User Privileges.
Vulnerability management
Sorted maintains a vulnerability management program which includes external third-party penetration testing at least annually. Any vulnerabilities identified are remediated on a severity basis.
Encryption
All data is encrypted at rest using AES-256-based encryption. In addition, all data is encrypted during transit. Access to the Sorted platform is only available via TLS-secured connections using TLS 1.2 or above.
Development
Our engineers use industry-standard secure coding guidelines and standards to ensure that our applications are secure. This includes static code analysis during build processes to identify potential vulnerabilities.
Asset management
Sorted maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Sorted-issued devices are equipped with full-disk encryption and up-to-date antivirus software which is remotely administered.
Incident management
Sorted maintains a Computer Security Incident Management standard and associated processes which cover six phases of incident response: preparation, identification, containment, eradication, recovery and lessons learned.
Business Continuity Management
All data is backed up continually and in near real-time. All backups are encrypted and stored securely with limited staff access in order to preserve integrity and confidentiality. Sorted’s Business Continuity Plan is updated and tested on a regular basis to ensure its effectiveness.
Logging and Monitoring
Application and infrastructure systems log continually to a centrally-managed aggregation platform for troubleshooting, pro-active issue identification, security reviews and analysis by authorized Sorted personnel. All logs are encrypted at rest and are accessible to authorized personnel only.
Privacy
Sorted understands the importance of ensuring the privacy of personally identifiable information (PII) and being legally compliant with privacy laws and regulations. For more information please see our privacy policy at https://sorted.com/privacy-notice/.