Sorted applications run on fully-managed virtual private servers as well as fully-managed container orchestration platforms. Sorted use providers in the following regions:
- Ireland: Microsoft Azure
- Netherlands: Microsoft Azure
- Ireland: Amazon Web Services
All hosting platforms are certified for or compliant with relevant certifications (ISO27001, ISO9001) and/or national or international standards.
Our servers are patched according to a defined standard, with remediation timescales corresponding to the severity of identified vulnerabilities.
Sorted has no physical access to any hosting provider data centres.
All data is backed up in real-time.
Sorted’s information systems and technical infrastructure are hosted within world-class data centres with extensive layers of protection. All data centres have extensive security controls including 24×7 monitoring, cameras, visitor logs and restricted entry. Sorted do not have physical access to any provider data centres.
Sorted maintains its security policies, reviewing and updating them regularly and at least annually. Policies include Computer Security Incident Management, Configuration Management, Home and Mobile Working, Incident Support, Information Risk Management, Malware Prevention, Metrics, Monitoring, Network, Patch Management, Secure Configuration, User Education and Awareness, and User Privileges.
Sorted maintains a vulnerability management program which includes external third-party penetration testing at least annually. Any vulnerabilities identified are remediated on a severity basis.
All data is encrypted at rest using AES-256-based encryption. In addition, all data is encrypted in transit. Access to the Sorted platform is only available via TLS-secured connections using TLS 1.2 or above.
Our engineers use industry-standard secure coding guidelines and standards to ensure that our applications are secure. This includes static code analysis during build processes to identify potential vulnerabilities.
Sorted maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Sorted-issued devices are equipped with full-disk encryption and up-to-date antivirus software which is remotely administered.
Sorted maintains a Computer Security Incident Management standard and associated processes which cover six phases of incident response: preparation, identification, containment, eradication, recovery and lessons learned.
Business Continuity Management
All data is backed up continually and in near real-time. All backups are encrypted and stored securely with limited staff access in order to preserve integrity and confidentiality. Sorted’s Business Continuity Plan is updated and tested on a regular basis to ensure its effectiveness.
Logging and Monitoring
Application and infrastructure systems log continually to a centrally-managed aggregation platform for troubleshooting, proactive issue identification, security reviews and analysis by authorized Sorted personnel. All logs are encrypted at rest and are accessible to authorized personnel only.