We take our security seriously — that’s why we’re trusted by leading members of the UK’s wealth management industry and have been for over thirty years.
Our enterprise-grade security and dedicated in-house team will keep your data secure. We are firmly committed to industry best practice and international regulatory standards, which is why we currently adhere to ISO 27001 standards and are working towards full accreditation.
Encryption
All data is encrypted at rest (256-bit AES encryption) and in transit (TLS 1.2 minimum) to ensure the data sent and held is secure and not subject to unauthorised access.
Authentication
We support enterprise single sign-on (SSO) integration via SAML and OIDC, meaning our clients can enforce their existing access controls.
Network architecture
Our network is logically separated to ensure that data cannot travel between separate parts of the network. The principle of least privilege is followed to ensure access to our production environment is restricted on an explicit need-to-know basis.
Security Information and Event Management
Our SIEM solution collects critical logs from across our network and endpoints, alerting on any unusual activity.
24/7 security operations centre
A third-party SOC team carries out 24/7 monitoring of our SIEM to investigate and respond to any alerts, should they arise.
Penetration testing
Annual penetration testing is carried out on our network infrastructure and web application by CREST-accredited third-party testers.
Code scanning
We use third-party tooling to perform static, dynamic and open-source scanning of all code against common security risks.
Looking for more in-depth information?
Explore our detailed security policies below.
Access monitoring
We log and monitor all access attempts via Microsoft Sentinel. Any suspicious logins are flagged for further investigation.
Physical security
No sensitive data is locally stored in our office and physical access to our office is restricted using secure electronic keys. Our data is stored within Azure Data Centres.
Encryption
All our data is encrypted at rest and in transit to ensure the data held and sent is secure.
Dedicated privacy and data protection officer
We have an in-house privacy and data protection officer who oversees our privacy programme.
Employee training
All our staff carry out annual privacy-specific training, ensuring continued awareness of regulation and up-to-date best practices on handling sensitive data.
UK GDPR
We are committed to compliance with all relevant UK laws in respect of personal data, including the UK General Data Protection Regulation.
Azure Front Door
Our platform sits behind Azure Front Door, a best-in-class Content Delivery Network which protects against attacks in real-time.
Microsoft Defender for Cloud
All our infrastructure is secured and protected by Microsoft Defender for Cloud, with logs ingested through Microsoft Sentinel SIEM for review and anomaly analysis.
Web application firewall
Our platform is protected by an Azure Web Application Firewall to help keep your data safe.
Vulnerability and patch management
Servers and endpoints are updated monthly as new Operating System updates are released.
Code analysis
We run automated code analysis of our code base using Fortify.
Logical access
We have enforced logical and physical delineations between our production, UAT, developer, QA and internal environments to ensure data segregation.
Disaster recovery and business continuity
Regular backups are conducted to ensure that we can recover from a disaster, media failure or other form of error.
Penetration testing
Internal and external infrastructure tests are performed regularly by a third-party penetration testing company.
Firewall
All traffic is routed through Azure Firewall, a cloud-native, intelligent network firewall security service, providing best-in-breed threat protection for cloud workloads running in Azure.
Vulnerability scanning
Vulnerability scans are carried out regularly, particularly on business-critical servers and networks.
Threat monitoring
Endpoint detection and response tools will be used to identify indicators of compromise and to monitor active processes and network connections.
Virtual private cloud
We use a private virtual cloud within Azure to ensure all our compute needs are performed in a secured environment, separate from other public cloud tenants.
24/7 security operations centre team
All application, cloud and server logs are ingested within Microsoft Sentinel and managed by a dedicated SOC team.
Audit logging
CGiX logs all user activity which can then be reported upon by administrators.
SSO and MFA support
CGiX can integrate with your own SAML authentication solutions, allowing for Multi-Factor Authentication (MFA) and Single Sign-On (SSO) access.
Access control
CGiX offers access control that allows administrators to provide different levels of access across the application and to certain accounts. Granular page-by-page permissions can also be applied.
Secure coding
We follow secure coding principles established by best practice organisations including, but not limited to, The Open Web Application Security Project, the UK National Cyber Security Centre, and the Software Engineering Institute Computer Emergency Response Team.
Secure development
We conduct security testing for development projects using techniques such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
Third-party due diligence programme
Our due diligence programme involves robust annual reviews of third parties to ensure compliance with internal security policies and GDPR regulations.
Disk encryption
All corporate laptops use PIN-protected BitLocker to enforce disk encryption.
Mobile device management
Microsoft Intune is used for the management and configuration of all laptop endpoints, allowing us to remotely lock or wipe lost or stolen devices.
Threat detection
Microsoft Sentinel Analytics are used to manage, detect and mitigate Advanced Persistent Threat actors.