 
2009 Winner
Technology & Innovation
CBI / Real Business
Growing Business Awards
 
 
 
 
 

our policies

 

Information Security Policy

Data Protection Act

buddi takes its responsibilities under the Data Protection Act very seriously. In accordance with the Act, and guidance provided by the Information Commissioner's Office, buddi complies with the eight principles, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with their rights
  • Secure
  • Not transferred to other countries without adequate protection 

System Security

(1) Website Services

  • Provided by sapnagroup www.spanagroup.com
  • Web programming using PHP, JavaScript, AJAX
  • Web hosting
  • Web support

(2) Servers

  • Linux operating system with Apache web server
  • Database: MySQL
  • High-capacity data centre provided by Hetzner

(3) Security features

  • Application firewall via ModSecurity
  • Network firewall
  • Brute-force protection
  • DoS (Denial of Service) attack protection
  • Monitoring of critical services
  • Problem notification via SMS / server status page

(4) Reporting

  • All web activities logged
  • System logs are continuously analysed for problems 
  • Constant upgrade of services, tools and patches

(5) Penetration testing

  • Servers go through an initial security setup 
  • Servers are subject to regular testing using security tools such as Nessus, Nmap, etc.

(6) Security updates

  • Patches or system updates are applied immediately to counter known security vulnerabilities
  • Subscription to internet security advisory sites enables early identification of unknown security vulnerabilities

(7) Website activity

  • Website reaction time checked every 5 minutes

(8) On site backups

  • Weekly full backups
  • Daily incremental backups (backup only of files which are modified or new)
  • Daily MySQL backups
  • MySQL replication (the mirror server always has the latest database available at any point)
  • Backups are stored on both servers

(9) Mirror server

  • Backup Server
  • Exact copy of the main server
  • Databases synchronized
  • Provides quick recovery

(10) Off site backups

  • Daily MySQL database backups are sent encrypted to an offsite server

Contact us on 0871 423 8756