Accreditations

The PSN is a UK government funded programme which provides one large, secure communications network where public sector services spanning defence, emergency services, education, healthcare, and both local and central government can access a wide variety of data and services from a single source.

Organisations which require access to the PSN must comply with the strict security regulations in place and become accredited to work within the network at any level.

4D currently holds a PSN Connection Compliance Certificate, which allows the 4D network to be connected to the PSN to send and receive data - this requires the following audits on an annual basis:

• External penetration testing of the 4D network, appropriate 4D hosted and management systems
• Internal penetration testing of the 4D network, 4D hosted and management systems
• Audits are conducted over several days by a certified CHECK or CREST penetration tester.

There are two further types of PSN certification that clients who wish to provide services to public sector organisations may be required to achieve. Which level is required will depend on the type of services to be supplied:

• PSN Service Provision Compliance Certification: Allows you to provide services or applications over the PSN to PSN customers.
• PSN Connectivity Service Compliance Certification: Allows you to provide a component, product or service which enables PSN-connected organisations to obtain intra- and inter-organisation IP data transmission.

As with the ISO27001 certification, PSN certification can give you a competitive advantage especially if you have products or services designed to be supplied into public sector organisations.

If you are storing, transmitting or processing any credit cardholder data, then you need to utilise a data centre that meets the requirements of PCI-DSS compliance. All of 4D’s data centres are PCI compliant ensuring we can provide the physical, environmental, network and infrastructure security you need to protect sensitive cardholder data and meet PCI DSS compliance standards.

There will still be a requirement to ensure your systems and applications meet the standards of PCI-DSS, but hosting these within a compliance data centre will make the process easier and ensure that the physical, environmental, network and infrastructure security elements are already taken care of.

PCI-compliance physical security

Our physical security processes ensure that only your authorised personnel have access to your private locked racks and cages. Access to the data centre is only from pre-notified, authorised contact lists. Government issued photographic ID and biometric identification from those on the lists is required to gain access to the facilities, and proximity access cards are issued on a zoned basis to ensure access is only granted to permitted areas. We maintain environmental control with 24/7 monitoring, logged surveillance, and multiple alarm systems to alert us to any disruptions.

PCI-compliant network infrastructure

Sensitive infrastructure, such as managed dedicated servers, cloud servers, power and network infrastructure are also protected by controlled access. We operate redundant routers, switches, and paired universal threat management devices to meet PCI compliance requirements for protecting sensitive information on our network.

High-availability infrastructure

To ensure uninterrupted availability of your hosted systems, our fully redundant network and power infrastructure are built for automatic failover, guaranteeing your critical data and applications are always accessible. Our Surrey and Gatwick data centres are linked with our own dedicated fibre network with multiple 10 Gbps of bandwidth available and fully diverse routing from each facility- this provides an ideal infrastructure for data backup and disaster recovery plans, meaning your cardholder data will be recoverable even in the event of a disaster.