Compliance

An overview of Gladstone Cloud with commonly asked questions around its security and compliance

Where is your Privacy Policy?

Our privacy policy can be found here.

What certifications do you hold?

Gladstone and its Gladstone Cloud product have the following current certifications:

  • ISO9001
  • ISO27001:2013
  • Cyber Essentials
  • GDPR
  • PCI

Gladstone take security extremely seriously. To make sure we have the most secure and reliable platform available, we also monitor and track our Cloud platform against the following (although we are not currently officially certified against them):

  • CIS AKS 2.0.0
  • HIPAA
  • NIST CSF 1.1
  • SOC2 Type II
  • MSFT Cloud Security Standards

How do you ensure you are always up to date with your data protection and information security policies?

Gladstone undertake quarterly ISO audits with an external audit completed once a year. The next audit date can be provided on request if required.

Does your software meet WCAG compliance?

Our new GladstoneGo product will meet AA compliance in 2024.

What are your disaster backup and continuity plans?

As part of our ISO27001 accreditation this is well documented. Our system backups are automated and stored in globally redundant storage. This gives us the confidence we can recover from total failure of a data centre. We regularly test these processes, with a test taking place at least every 6 months. Due to the nature of how we back up our data, we treat all infrastructure as disposable. Using IaC (Infrastructure as Code) means that if anything ever happens to a part of the platform which causes total failure, we can recover by deploying a fresh version built directly from our code base. In the unlikely event that the UK South data centre is offline for an extended period of time, the controls we have in place as part of our cloud platform mean we can re-deploy the entire cloud platform to the UK West data centre within 6 hours.

All Gladstone staff are set up for remote working and security controls are in place to allow them to work from anywhere in the world.

What governing bodies are you members of?

We are currently proud members of the cyber security council and are currently waiting on our application to the NCSC. We believe that being members of these governing bodies will make us hold ourselves to account to remain the most secure we can be, enabling us to always be ahead of any cyber security trends or changes in cyber best practice.

Do all Gladstone staff complete employment checks?

Yes. We do pre-employment and on-start checks as recommended by ACAS, which include the 'right to work' in the country, validation of their identity and identification validation. We currently do not complete criminal conviction checks; however, this is under review as part of our NCSC application.

Does Gladstone have a DPO?

No - Gladstone currently do not have a DPO. Due to the size of Gladstone and the level of data it processes, we are not required to have one. We do however adopt this role as part of the internal Infrastructure and Security teams as a shared role and responsibility. As part of our ISO compliance, we cover a lot of the DPO role spread across the company. 

What steps do Gladstone staff have to complete before being able to manage my environment?

All Gladstone staff, regardless of access rights, sign confidentiality and non-disclosure agreements when starting. They also complete Data Protection and Information Security training when they first start.

Do you have incident-management processes in place and are they enacted in response to security incidents?

Yes, as Gladstone is fully ISO 27001 compliant, these are recorded in our processes. We adhere to the ICO guidance and work directly with them on any security incidents that occur. Any security incident that affects customer data will be communicated accordingly once an investigation has been completed. Timelines of this depend on the level of severity.

Is software development carried out in line with industry good practice regarding secure design, coding, testing and deployment?

Yes, this is covered by our secure system development policy within our ISO accreditation. We believe security starts at the code level and therefore check and monitor all stages up to development. We make use of open source tools to add automation and quality gates into our release process, making sure that only high-quality code can make it into the production environment. This includes checking all code against industry best practice, outdated cyphers, testing coverage and load testing.

What is Gladstone's legal jurisdiction?

Gladstone are a UK-based company located in Wallingford, England.