We recognise that we have a responsibility to protect the data you send to us, so pensionsync has been built with trust in mind from the beginning. From our business partner’s perspective the pensionsync data integration platform should be viewed as a highly secure, highly available, and highly resilient extension of your own IT systems without the associated set-up costs and technical management overheads.
Since the transfer and processing of personal payroll and pensions data means strict compliance to government and industry regulations, we are constantly reviewing everything we engineer with the security of your data as our number one priority. This philosophy covers the basics you would expect from your own IT systems, but goes well beyond that to provide secure and resilient services and infrastructure that you would normally expect to receive from enterprise infrastructure technology giants.
The information on this web page is a carefully selected subset of the information we make available to potential customers of pensionsync. Our internal security protocols demand that we do not release precise details on our security and business continuity practises into the public domain, for obvious reasons.
If you are considering buying a data integration service from pensionsync for your business then we would be happy to share with you more information on our data security practices once a confidentiality/non-disclosure agreement has been signed. Please use this contact form to request more information from us.
Below I’ll outline at a high level our approach and views on the following key security questions:
In short: very secure. Our fundamental design premise is that everyone apart from you is denied access to your data, which means strongly enforcing encryption end-to-end.
When you sign up through our pensionsync Developer Portal you will be issued with API keys that are only known to you. By policy and design we do not let our support staff have any kind of access to your API keys and so we will not be able to retrieve them for you if you lose them. Of course you can use the Developer Portal to generate new keys if needed.
We use SHA-256 (2048-bit root) SSL certificates issued by GeoTrust True BusinessID with Extended Validation to encrypt data between your environment and our servers
It is important to remember that we hold data only for as long as it takes to process it and provide support. That said, as soon as your data enters into pensionsync we generate a unique one-time pad key and apply AES-256 symmetric encryption to your data and store it as a document temporarily in an encrypted state. This means that each time our service is used, a unique encryption is applied to each document we store.
We also encrypt the pad key to ensure that your encrypted data is only accessible via the pensionsync platform and cannot be accessed directly from the data store even if a route could be found to the data store i.e. an internal security breach at one our infrastructure supplier’s data centre.
Yes. systemsync solutions limited (which owns and operates pensionsync) is registered with the Information Commissioner’s Office (#ZA109264) and there obliged to comply with all aspects of the Data Protection Act. We understand the principles of that Act to be:
Our terms and conditions (which must be agreed to before any person or organisation accesses pensionsync APIs) assume your organisation has the appropriate consents to process the data in the context of our pensionsync service. You must be an authorised data controller to pass data to us (in our capacity as a registered data processor).
pensionsync has been built solely and specifically for the the purpose of enabling your organisation to process the necessary and legitimate interests of individual’s personal employee payroll data to pension providers. Once the process is completed the encrypted data is securely deleted based on our retention policy.
pensionsync processes your source PAPDIS and PASS structured data and validate it against your desired pension provider’s requirements. The PAPDIS and PASS data structures ensures that this adequacy principle is adhered to.
pensionsync validation processes will highlight and return to you data errors where they are incompatible with your pension provider. We cannot (and should not because we are not data controllers) check the accuracy of the records you process through pensionsync
pensionsync only holds your encrypted data long enough to process it and provide support, and then it is physically deleted.
pensionsync provides end-to-end secure and encrypted technologies to prevent your data from being compromised.
All of our supplier’s infrastructure is located within European Economic Area countries; specifically the UK, Ireland, and the Netherlands. No unencrypted and personally identifiable data will be transferred by us out of the EEA defined countries
We are serious about implementing best practice security throughout our platform and organisation, and are pleased to announce that on the 31st March 2015 we made two significant commitments:
We engaged with NTA Monitor, a well established and independent information security specialist consultancy, to review, test, and validate all aspects of our security.
We went through a robust selection process and found NTA Monitor’s 18 years trading as an independent information security specialist, their long list of security accreditations, clear subject matter expertise in Financial Services, Pensions, and even cloud technologies were particularly impressive. In fact they have been providing similar independent security consulting services and penetration testing for The Pensions Regulator, The People’s Pension (B & CE), and The Department of Work and Pensions.In our case we have specifically scoped the following:
The output of NTA’s audit and penetration tests can be made available to our prospective customers.
Since May 2015 we have worked closely with Microsoft and their expert technical consultants who we brought in to conduct detailed architectural reviews of our platform, and later to specifically review our Business Continuity and Disaster Recovery implementations. Practically this relationship means that we have ongoing access to experts, to review what we've engineered, and suggest where appropriate architectural, scaling, resilience, DR, performance, and security optimisations can be made. We are excited to have this level of access.
Early on we evaluated the pros and cons of doing everything ourselves. You are possibly considering the same question. Going it alone gives you ultimate control but with that control comes with a significant cost. These costs aren't just about servers, but we also considered physical security, disaster recovery, and resilience. We quickly realised that purchasing servers, racks, firewalls, load balancers, then configuring, maintaining, monitoring, supporting, upgrading, patching, backing up and the long list of other technical maintenance tasks were not the best use of our time and expertise. We could do it, but like you, we would need to employ a group of dedicated resources. That just didn’t make commercial or practical sense. Our answer to this problem was managed cloud infrastructure, and after reviewing the main contenders in this space, we opted to work with the following service providers:
As a team, we have been building enterprise grade global web applications on Microsoft technologies for over a decade. Typically these applications were hosted in large corporate data centres, so taking a look at Azure was a clear preference, but we also wanted to be sure. So over the last 4 years we have been engineering applications on Azure with a view to learning where it’s limits are and actively watching how Microsoft invest in and develop the services.
We learnt a lot about what works and what wasn’t quite ready for our needs over the years, and earlier this year we decided the time, technology, and services were ready, and we signed up to a Microsoft Azure Enterprise Agreement.
Our investment into the Azure Enterprise Agreement ensures we have the best SLA’s, support, resilience, reliability, and security Microsoft has to offer. Moreover Azure and their underlying data centres have world class security in place and has independently verified ISO 27001 certification from the BSI, along with incorporating controls outlined in the ISO/IEC 27018 standard, which provides a code of practice specifically for processing of personally identifiable information in public cloud services. Azure also has UK G-Cloud “OFFICIAL” accredited infrastructure used by UK government and NHS trusts who hold and transact public sector data. Read more about Microsoft Azure’s policies here.
API’s are a fundamental aspect of our our technical design philosophy, but we knew that, like managing servers and databases (Azure), managing API keys would be better served by utilising a specialist partner. API key management is the service of issuing secure keys to access pensionsync API’s, along with monitoring and managing access.As you would expect we went through a thorough appraisal of potential suppliers, and along with reviewing them against our technical requirements, we measured them against our security and reliability needs. Specifically we wanted to be sure that:
pensionsync’s implementation of 3scale gives us a highly secure, highly available, and highly functional API management platform.
We utilise the top level enterprise grade managed cloud infrastructure from Microsoft Azure.
Our internal data security processes ensure we regularly contact all of our infrastructure service providers to ensure that they are providing our service within the constraints of these points.
It’s worth noting that Microsoft provides better than 99.9% uptime SLA’s across Azure per month. That’s pretty good, but by their own admission it can be improved. We have a planned architectural review session with the Microsoft Azure team in May to take a look at what we’ve done and how it can be improved.
We've architected pensionsync to be highly available and resilient, and this is the reason why pensionsync has two (mirrored) API endpoints. Both endpoints are available 24/7, and in the unlikely event that one is unreachable, you will automatically failover to the other (with no need to take any remedial action within your software application). The endpoints will be physically running in different data centres just in case there is an ‘event’ that takes an entire data centre offline.
In fact, even if our API Management platform used to issue you with your API keys is unavailable, our services will remain available to you as long as you have an active and authorised API key.
In periods of high demand our servers will automatically scale, so that there is no degradation in your service. This is possible because the pensionsync application has been configured to seamlessly load balance and failover when certain thresholds are passed.
Regular maintenance of servers will not result in any pensionsync downtime and your AES-256 encrypted data is temporarily stored in triplicate across 3 separate database servers which automatically handle sharding and rebalancing if required.
Furthermore our partner’s managed data centres are constantly monitored for intrusion detection, DDoS prevention, automatic patching, real-time antivirus protection.What this means is that we could experience all of the following failures simultaneously and our service would continue to run: