Partners must implement the following security measures:

Secure communication through HTTPS with TLS 1.2 or later.
API keys or OAuth 2.0 for authentication and access control.
Regular password rotation and storage of sensitive data in encrypted form.
Access restrictions based on the principle of least privilege.

Encryption in Transit

To ensure the confidentiality and integrity of data as it travels over networks, we require that all data be encrypted during transit. This should include the use of strong encryption protocols such as TLS 1.2 or higher.

Encryption at Rest

Protecting stored data is equally important. All sensitive data must be encrypted while at rest, using strong encryption algorithms and key management practices. This helps in minimising the risk of unauthorised access or breaches.

Pre-Integration Evaluation

Before initiating any data sharing or integration activities with a third-party partner, we are committed to conducting a comprehensive evaluation to assess their adherence to our security and data handling standards. This evaluation serves as a critical step in ensuring alignment with our commitment to data protection, integrity, and compliance.

The key aspects of this pre-integration evaluation include:

Assessment of Security Policies and Procedures:	A meticulous review of the third party's existing security policies, protocols, and controls, including examining their cybersecurity measures, access controls, encryption standards, and incident response procedures.
Compliance Evaluation:	An in-depth analysis of the third party's compliance with our specific security requirements, as well as relevant legal and regulatory mandates such as GDPR. This process will involve an evaluation of their certifications, adherence to industry standards, and any third-party audits or assessments they have undergone.
Data Handling and Usage Analysis:	A thorough examination of how the third-party plans to use, process, store, and manage the data shared with them. This includes a review of their data retention policies, data processing agreements, and the measures they employ to ensure data privacy and security. Collaborative Engagement: An ongoing dialogue with the third-party partner to clarify expectations, answer questions, and address any concerns.
Final Approval and Documentation:	Upon successful completion of the evaluation, formal approval will be granted, and all findings, agreements, and commitments will be thoroughly documented.

Security compliance and quality management.

Partners must adhere to the following:

Cyber Essentials Plus Certification: To ensure a baseline for robust cybersecurity practices.
Registration with the ICO: To ensure adherence to data protection laws.
Regular Penetration Testing: Meeting robust data security obligations under GDPR.
Commitment to Data Security: Implementing and maintaining robust practices.
ISO27001 Consideration (Highly Recommended): Demonstrating a commitment to best practices in information security management.

Get in touch

If you would like to discuss intergration possibilities or have a idea, then please get in touch by calling 01625 860 545 or use our contact form

Experience for yourself

Let us show you the possibilities.

Whether you're eager for cutting edge capabilities today, or just want to learn what AutoFlow can do for your business, let us save you time and walk you through everything we offer.