NRA: New Membership Portal

[Gaz]

Resurrecting this topic, here's what the Azolve Ts & Cs have to say on security:

11. Security

11.1 Data security is of great importance to Azolve Limited and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website.

11.2 Specifically we use the following systems:

11.2.1 Proactively monitoring core systems on a 24/7 basis with our enterprise class monitoring system

11.2.2 Secure and highly available network design using enterprise class Cisco equipment.

11.2.3 Scheduled centralised patch management on all systems covering both operating systems and common applications and services

11.2.4 Protection against viruses, zero day, spyware, suspicious activity (HIPS) through the implementation of a dedicated end-point security threat management system

11.2.5 ScoLocate’s Internet provider also protects the ScoLocate network against common network threats including denial of service attacks.

11.2.6 Active, ongoing programme of risk management, security incident management and security audit programme as part of our ISMS.

11.2.7 Security conscious workforce, including Information Security Manager role.

[DavidRees]

Resurrecting this topic, here's what the Azolve Ts & Cs have to say on security:

11. Security

11.1 Data security is of great importance to Azolve Limited and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website.

11.2 Specifically we use the following systems:

11.2.1 Proactively monitoring core systems on a 24/7 basis with our enterprise class monitoring system

11.2.2 Secure and highly available network design using enterprise class Cisco equipment.

11.2.3 Scheduled centralised patch management on all systems covering both operating systems and common applications and services

11.2.4 Protection against viruses, zero day, spyware, suspicious activity (HIPS) through the implementation of a dedicated end-point security threat management system

11.2.5 ScoLocate’s Internet provider also protects the ScoLocate network against common network threats including denial of service attacks.

11.2.6 Active, ongoing programme of risk management, security incident management and security audit programme as part of our ISMS.

11.2.7 Security conscious workforce, including Information Security Manager role.

None of which prevents the flaws in the software design from causing the data breach I'm concerned about. No amount of the above can mitigate for poor design.

Unfortunately Mr. Mercer chooses to rely on the assurances given by the company (emailed response to my raising the issue with him). I will protect my own security by simply not using such a poorly designed system; in my view, the risks are simply too great.