InfoSec guidance for SMCR PRO users
Introduction
Your current/prospective employer may use information provided in the SMCR PRO system to assess your Fitness and Propriety as per the Financial Conduct Authority’s Senior Management and Certification Regime.
As businesses increasingly shift their operations toward the cloud, security and compliance requirements have become more demanding and more critical.
This section describes how SMCR PRO implements strict governance and security requirements.
GDPR
Clients’ privacy and security are our top priority. We are proud to announce our full commitment to compliance with the European GDPR, along with the enforcement of privacy and protection of personal data of SMCR PRO users.
Security
SMCR PRO has been designed with security as its top priority, and customer data is neither shared with nor available to others.
Compliance
SMCR PRO is provisioned in a cloud-centric architecture which leverages the best services and techniques to offer a secure, reliable and high-performance cloud environment.
Google Cloud Platform is widely recognized for its compliance with local and global standards and regulations, including ISO/IEC 27017, SOC 1, SOC 2, PCI DSS, NIST SP 800-171, FedRAMP, HIPAA/HITECH, and EU Model Clauses.
Security controls
SMCR PRO implements security controls and measures for data integrity, confidentiality and availability.
Environment security
SMCR PRO is hosted in a private cloud powered by Google Cloud Platform and managed by ImagineTEC, which relies on important security-by-design features, and manages and maintains the security of your environment as a whole.
The assigned services and resources for SMCR PRO customers are located in the geographical location the customer chooses (default location: UK).
Security in maintenance
SMCR PRO maintains a secure service and environment which includes ensuring the timely application of patches, fixes and updates to services and underlying infrastructure so that the service as a whole remains secure from vulnerabilities.
Data encryption
To provide a higher data security level, SMCR PRO features data encryption in transit.
For data in transit, communication channels rely on the Transport Layer Security (TLS) protocol requiring the use of certificates to encrypt content.
Encryption in transit
Encryption of data in transit is assured by using TLS certificates that protect the channel.
This applies both to communications between SMCR PRO components and the database, and to the communication of end users when accessing the system (in which case, HTTPS is used).
This measure prevents packet tampering, spoofing, and man-in-the-middle attacks at the transport layer.
In addition to the above security measures, unauthorised access to the database is not allowed, and the customer has control of identity management for access to SMCR PRO.