A cyber ransomware attack, and resultant data breach, on a cloud computing provider has turned a spotlight on the security of data held by software companies supporting the UK charity sector.
Care Data Systems takes the security of our systems and the data we hold very seriously.
Personal data is often a target for cyber-attack, so we have robust systems and processes in place to ensure its security.
We follow industry-standard best practice and conduct on-going risk assessments of our infrastructure.
In preparation for the introduction of the GDPR, in 2018, we undertook a review of where and how that data is tracked, managed and deleted within the business.
That examination of our systems and protections is repeated by an independent third-party every year, in line with our Cyber Essentials certification. It covers:
As our donorflex CRM software application is installed on client infrastructure, we dont generally hold personal donor data. Where we do for project and support purposes on behalf of our clients were sensitive to its security and handle it under strict GDPR data management guidelines.
Our clients hold the responsibility for the security of their own donorflex database, application and the associated infrastructure, in line with industry best practice.
Through our perimeter and internal defences, as well a robust backup system, we have taken steps to mitigate the persistent risk of a cyber-attack. That means were in a strong position to protect our systems and data from attack.
We work with the key drivers of the UK charity sector.